ssh change port

Message

badgers · Post by **badgers** » Tue Sep 13, 2005 4:27 pm

Hey, I was checking my /var/log/messages and it seems someone is trying to get into my box.
the one at the bottom is me! so that is ok, but should I move my ssh to a different port to keep people from finding my ssh server?
any help is appreciated

Sep 12 16:00:29 myth_hostname sshd[28807]: Invalid user madelyn from 211.172.241.7
Sep 12 16:00:31 myth_hostname sshd[28934]: Invalid user doug from 211.172.241.7
Sep 12 16:00:32 myth_hostname sshd[28996]: Invalid user stacy from 211.172.241.7
Sep 12 16:00:34 myth_hostname sshd[29025]: Invalid user laura from 211.172.241.7
Sep 12 16:00:36 myth_hostname sshd[29030]: Invalid user peter from 211.172.241.7
Sep 12 16:00:38 myth_hostname sshd[29035]: Invalid user billy from 211.172.241.7
Sep 12 16:00:40 myth_hostname sshd[29040]: Invalid user melissa from 211.172.241.7
Sep 12 16:00:42 myth_hostname sshd[29059]: Invalid user dane from 211.172.241.7
Sep 12 16:00:44 myth_hostname sshd[29093]: Invalid user kelly from 211.172.241.7
Sep 12 16:00:45 myth_hostname sshd[29098]: Invalid user kraig from 211.172.241.7
Sep 12 16:00:47 myth_hostname sshd[29107]: Invalid user travis from 211.172.241.7
Sep 12 16:00:49 myth_hostname sshd[29144]: Invalid user candace from 211.172.241.7
Sep 12 16:00:51 myth_hostname sshd[29177]: Invalid user edvin from 211.172.241.7
Sep 12 16:00:53 myth_hostname sshd[29185]: Invalid user erving from 211.172.241.7
Sep 12 16:00:55 myth_hostname sshd[29222]: Invalid user julius from 211.172.241.7
Sep 12 16:00:56 myth_hostname sshd[29227]: Invalid user eduard from 211.172.241.7
Sep 12 16:00:58 myth_hostname sshd[29232]: Invalid user marion from 211.172.241.7
Sep 12 16:01:00 myth_hostname sshd[29242]: Invalid user johnathan from 211.172.241.7
Sep 12 16:01:02 myth_hostname sshd[29273]: Invalid user alex from 211.172.241.7
Sep 12 16:01:04 myth_hostname sshd[29278]: Invalid user client from 211.172.241.7
Sep 12 16:01:06 myth_hostname sshd[29287]: Invalid user ted from 211.172.241.7
Sep 12 16:01:07 myth_hostname sshd[29322]: Invalid user timmoty from 211.172.241.7
Sep 12 16:01:09 myth_hostname sshd[29327]: Invalid user clinton from 211.172.241.7
Sep 12 16:01:11 myth_hostname sshd[29332]: Invalid user henry from 211.172.241.7
Sep 12 16:01:13 myth_hostname sshd[29339]: Invalid user sean from 211.172.241.7
Sep 12 16:01:15 myth_hostname sshd[29352]: Invalid user tarantino from 211.172.241.7
Sep 12 16:01:17 myth_hostname sshd[29357]: Invalid user sundance from 211.172.241.7
Sep 12 16:01:19 myth_hostname sshd[29362]: Invalid user justin from 211.172.241.7
Sep 12 16:01:20 myth_hostname sshd[29367]: Invalid user dustin from 211.172.241.7
Sep 12 16:01:22 myth_hostname sshd[29372]: Invalid user maurice from 211.172.241.7
Sep 12 16:01:24 myth_hostname sshd[29377]: Invalid user morris from 211.172.241.7
Sep 12 16:01:26 myth_hostname sshd[29382]: Invalid user malcom from 211.172.241.7
Sep 12 16:01:28 myth_hostname sshd[29387]: Invalid user patrick from 211.172.241.7
Sep 12 16:01:30 myth_hostname sshd[29392]: Invalid user seinfeld from 211.172.241.7
Sep 12 16:01:32 myth_hostname sshd[29397]: Invalid user end from 211.172.241.7
Sep 13 07:21:05 myth_hostname sshd[32411]: Did not receive identification string from 68.20.164.150
Sep 13 09:28:24 myth_hostname sshd[32563]: Accepted keyboard-interactive/pam for root from 12.20.65.30 port 26509 ssh2
Sep 13 09:28:24 myth_hostname sshd(pam_unix)[32569]: session opened for user root by root(uid=0)

iarwain · Post by **iarwain** » Tue Sep 13, 2005 4:40 pm

I changed mine to 40022 and the number of access attemps dropped to zero. So yes, I think it's a good idea.

plastikman187 · Post by **plastikman187** » Tue Sep 13, 2005 5:16 pm

You could also make a /etc/hosts.allow and a /etc/hosts.deny

the below are examples of course

hosts.allow

Code: Select all

ALL: .gentoo.org
ALL: 207.217.77.82

hosts.deny

Code: Select all

ALL:ALL

Having these files allows only people from the domain specified or the IP specified.

badgers · Post by **badgers** » Tue Sep 13, 2005 5:58 pm

how did you change it?
/etc/ssh/sshd_conf

WladyX · Post by **WladyX** » Tue Sep 13, 2005 6:14 pm

badgers wrote:how did you change it?
/etc/ssh/sshd_conf

Edit /etc/ssh/sshd_config and change the port, you have an option there that is called "Port" changed it from 22 to whatever you want, make sure that that line isn't comented, restart the sshd service and you're done.

badgers · Post by **badgers** » Tue Sep 13, 2005 6:21 pm

this may sound silly but I just tried it and it seems that maybe I shouldn't have tried it while using ssh..

christsong84 · Post by **christsong84** » Tue Sep 13, 2005 6:50 pm

badgers wrote:this may sound silly but I just tried it and it seems that maybe I shouldn't have tried it while using ssh..

lol how do you mean? just connect to the new port

Mine's on 22000 and the scripts cut way back...of course I have other methods where it wouldn't work anyways

But it keeps the script kiddies away

badgers · Post by **badgers** » Tue Sep 13, 2005 6:56 pm

its fine now, thanks
I dis-allowed root login and moved it to a different port
I assumed it would disconnect my current ssh into the box because it was listening on a different port but it seemed that when I loged out and started a new session it was on the new port and I couldn't log in as root.

thanks everyone...