
You are currently reading a thread in /g/ - Technology

Thread replies: 33
Thread images: 2
File: Capture.png (61 KB, 1018x435)
>Disable my server's fail2ban to run some tests as I misconfigured some jails
>This happens in 10 minutes
Fuck this shit. This is giving me weird uncomfortable feelings.
Is there any public blacklist to feed mine?

Also I don't understand. I'm testing Ubuntu Server, and it's on an old laptop behind my ISP's mandatory router. I use port redirection. Why do I get these connection attempts while they aren't on the right external port (and said external ports are supposed to be closed by default)?
>>
>>51489258
Routers can be configured to attempt to bruteforce devices on the local network. ISPs love to serve such routers.
>>
>>51489320
did you just say that ISPs like to give out routers that will try and brute force the login to one's home server?

what do they do if they manage to get the log it?
>>
>>51489643
Nothing. ISP puts blame on customer
>>
>>51489659
what blame?
the original question is still unasked..
you sound like someone I know.. your name starts with 'J'?
>>
Why not whitelist instead?
>>
>>51490525
>Get new dynamic IP from ISP
>Locked out of your server

OP, just log in with your SSH key and disable password logins. Can't get safer than that.
>>
>>51489258
is this a bait thread?
why do you have password authentication enabled, for root at that?

> PermitRootLogin no
> PasswordAuthentication no
> ChallengeResponseAuthentication no
> GSSAPIAuthentication no

consider changing from port 22 as well
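
Added example, not part of the post above: a small audit of an sshd_config for the four settings the post lists. It follows two sshd parsing rules that trip people up (keywords are case-insensitive and the first value read for a keyword wins) and treats commented-out lines and lines inside a `Match` block as not set globally. The sample config is constructed.

```python
WANTED = {  # the four settings from the post, keywords lower-cased
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "gssapiauthentication": "no",
}

# Constructed sshd_config for the example.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
ChallengeResponseAuthentication no
challengeresponseauthentication yes
Match User backup
    GSSAPIAuthentication no
"""

def audit(config_text):
    """Return {keyword: finding} for each wanted setting not in force globally."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break                             # the rest is conditional, not global
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        seen.setdefault(key, value)           # first value read is the one kept
    findings = {}
    for key, want in WANTED.items():
        if key not in seen:
            findings[key] = "not set, built-in default applies"
        elif seen[key] != want:
            findings[key] = f"set to {seen[key]!r}, expected {want!r}"
    return findings
```

On a live host, `sshd -T` prints the effective configuration with defaults resolved, which is the authoritative check.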
>>
>>51489258
there was this malware that infested routers and started breaking into computers via ssh.
>>
>>51491050
Not OP, but if I have an SSH connection and I quit Password Authentication, how will I log in?
>>
>>51489258
As long as you have a strong enough password you shouldn't have to worry. Or just disable password logins and completely get rid of the possibility of being bruteforced.
>>
>>51489258
Tons of shit to possibly do:

>>51490525
This. Whitelist the IPs you use; not always a great option if you're logging on say your 3G/4G/LTE device.

>>51490774
This. Password auth on an internet-facing ssh service? lol
>>51491177
You generate a key that remains on your device that allows you to login.

>>51491050
This. Not normally a fan of security through obscurity but changing the port number will drop the attempts by 90%+, don't use something obvious like 2222. Port scanners are a waste of resources, so nearly all only go for the low hanging fruit.

Get a good firewall (pfsense for example) and you can "block the world" (most attempts come from China, Russia, etc.) and do other shit like lock out IPs after x created states in y mins. Good shit.
>>
>>51491200
The key that says my ssh-client the 1st time is not the same? I'm kinda new with ssh and stuff.
>>
>>51491235
It will say that when you first connect to an "unknown host"; after authenticating it will save it in a known_hosts file and you will not see the warning. *If* your PC was compromised (say MITM) then it would report that its fingerprint has changed, alerting you to a potential security concern.
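
Added example, not part of the post above and not OpenSSH's code: the known_hosts comparison it describes, reduced to its core. `check_host` answers "unknown" (first connection), "match", or "changed" (the case that triggers the warning), and `fingerprint` produces the `SHA256:` form the client displays. The host name and key bytes are constructed; hashed host names and `@` marker lines are skipped rather than handled.

```python
import base64
import hashlib
import struct

def ssh_string(data):
    """Length-prefixed byte string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data

def make_ed25519_line(host, raw_key):
    """Build a known_hosts line from 32 constructed key bytes (not a real host key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def fingerprint(key_b64):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    same_type_seen = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # skip blanks, comments, @marker lines and hashed (|1|...) host names
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        hosts, ktype, stored = fields[:3]
        if host not in hosts.split(",") or ktype != key_type:
            continue
        if stored == key_b64:
            return "match"
        same_type_seen = True      # an entry exists, but for a different key
    return "changed" if same_type_seen else "unknown"

# Constructed entry: what the file holds after the first accepted connection.
KNOWN_HOSTS = make_ed25519_line("server.example,192.0.2.20", bytes(range(32)))
STORED_KEY = KNOWN_HOSTS.split()[2]
OTHER_KEY = make_ed25519_line("x", bytes(range(1, 33))).split()[2]
```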
>>
>>51491266
So, then I was talking right thing about it. I thought that SSH clients always needed a login.

Anon, you made another anon wiser. Thanks.
>>
>>51491303
No problem man. This is a short-ish read: https://semaphoreci.com/community/tutorials/getting-started-with-ssh you don't have to do what it's saying (since you've mostly set it all up already) but take a look since it explains things a bit better.
>>
http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1
http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1
http://www.maxmind.com/en/anonymous_proxies
http://danger.rulez.sk/projects/bruteforceblocker/blist.php
http://rules.emergingthreats.net/blockrules/compromised-ips.txt
http://www.spamhaus.org/drop/drop.lasso
http://cinsscore.com/list/ci-badguys.txt
http://www.openbl.org/lists/base.txt
http://www.autoshun.org/files/shunlist.csv
http://lists.blocklist.de/lists/all.txt
>>
>>51489258
Does fail2ban have sane defaults? I want to install it but don't have time to configure it right now.
>>
>>51489258
Just use rsa ssh keys
>>
>>51491345
I tried (and got it) to set up an SSH connection with an old laptop running an old Debian from my Windows. The laptop has nothing on it but I always had fear of someone entering and accessing the rest of the network. Is not hard unless I reach little things or particular things, because language and stuff. I will read it anyway. Thanks again.
>>
>>51491429
Cool man, good luck learning! What you'd want to aim for in the future is setting up a VPN (pfsense does this as well, all free); that way what you're doing is placing yourself "inside" your network, so you'd be able to access the ssh server as if it were local and not have to open ports for it. All communication in and out of that VPN tunnel is encrypted. Again, good luck anon
>>
File: 1438418361927.jpg (75 KB, 1280x720)
>tfw only allow ssh key logins + ssh agent + hotkey to open terminal and sign in using settings

Password authentication is deprecated desu
>>
>>51491397
For ssh? Yeah.
>>
>>51491513
what about for vnc?
>>
>>51491050
changing from port 22 won't do shit, as scanners will find ur port no matter what. using an ssh key will do something though as nothing short of a hacker that has no better target than you can get through it.
>>
>>51491801
Changing from port 22 will cut down your scans by at LEAST 95%

Source: first-hand experience

Of course a seasoned hacker with you as their target will have no issues port scanning other ports but for the majority of Chinese and Indian script kiddies out there, changing ports will do the trick. I'd go so far as to say changing the port and disabling root password authentication will make it safe enough to use regular password authentication on a different username if the password is strong and you aren't doing something that endangers national security
>>
>>51491801
did you misread the entire post, or do you simply have no idea about how to edit sshd_config?

the point about the port change was given as an optional extra behind all the serious stuff.
>>
>>51491801
>wont do shit

You're retarded. As stated in this thread, nearly all of the automated attacks are done on default ports, looking for 'low hanging fruit'. A port scan takes too much time and too many resources. It's not an end all fix, but it cuts down the traffic significantly. As with any security it is a layered approach.
>>
>>51489258
>put ssh on a nonstandard port
>only use keys
>disable root login
Are you fucking retarded or what
>>
>>51491594
I cannot recall whether it is set up by default, but it seriously takes a few mins to set up any service to use it. I use it on my public SIP server, and it took maybe ~5m to set up and test?
>>
>>51489877
Janon? ¯\_(ツ)_/¯
>>
>>51491492
Are you still here, anon?
>>
>>51492388
nope, jerry
This is a 4chan archive - all of the content originated from them. If you need IP information for a Poster - you need to contact them. This website shows only archived content.