Thread: SSH visits from users who were not given permission--can they be blocked?
View Single Post

   
  #10 (permalink)  
Old 02-20-2008, 06:51 AM
Mr. I.M. Kitty
 
Posts: n/a
Default Re: SSH visits from users who were not given permission--can theybe blocked?
The Eighth Doctor wrote:
> Hello from the Eighth Doctor
> The subject line says it all: "SSH visits from users who were not given
> permission--can they be blocked?"
>

Sounds fairly easy to follow...

> Basically my box now running Slack 10.1 is being visited by people who were not
> given my permission to do so, read hackers, and other annoyances. I frequently use
> SSH from my Manhattan client to show them Linux, or to just keep busy, and I've
> given a fellow I know online who's currently using the services of his school to visit
> the box. He needs to learn Linux, and I trust him as much as he trusts me.
>

That's always a good relationship to have with someone, especially from
afar... ^_^

> However since we reached that decision, I've seen scads of IP addresses attempting
> to enter the box from the Internet. Sometimes they use FTP, but almost always
> SSH. Once I saw something from a UUNET customer attempt a hack, I found out
> later that there's a worm running who targets machines which have the SSH port
> open.
>

This is a given. The moment you stick a box on the net, be it OSX,
Unix, BSD, Windows, Linux, BeOS, etc, it'll get probed and prodded like
a lab rat in a needle testing facility.

> That being said; once I've got the list of acceptable IP addresses from the I'net, any
> suggestions on how to configure the current firewall mechanism to reject everyone
> else? Also the router does contain a firewall, but I'm not sure as to how to have it
> block those addresses, if it can...

Public key authentication is also a good security measure for SSH.

I found this as a little starter:
http://cfm.gs.washington.edu/securit...client-pkauth/

Peruse it if you like or search for more detailed solutions.

Either way, have fun! =

Reply With Quote