I'm under attack I need help in ssh
-
@inroute said in I'm under attack I need help in ssh:
@stacksofplates there is no ssh file or folder under /etc/
what's your output from ls /etc/
-
Also what PBX is this? Is it FreePBX?
-
Would be a good idea to setup fail 2 ban as well.
-
From the original post looks like you are using dropbear ssh.. config should be /etc/config/dropbear
Looks like you need to set
option PasswordAuth 'off'
https://wiki.openwrt.org/doc/uci/dropbear has more details as i couldn't (quickly) find official documentation.
-
@coliver said in I'm under attack I need help in ssh:
Would be a good idea to setup fail 2 ban as well.
I hope at some point in the future they make the setup a little easier. It's fairly daunting for a new person. Pam_tally2 and faillock are fairly easy to set up, but rely on PAM. Would be nice to have a middle ground.
-
@tiagom said in I'm under attack I need help in ssh:
From the original post looks like you are using dropbear ssh.. config should be /etc/config/dropbear
Looks like you need to set
option PasswordAuth 'off'
https://wiki.openwrt.org/doc/uci/dropbear has more details as i couldn't (quickly) find official documentation.
Good catch, I didn't notice that.
-
@coliver said in I'm under attack I need help in ssh:
Would be a good idea to setup fail 2 ban as well.
Agreed.
-
there is no config folder in the /etc/ directory but i found dropbear folder in the /etc/ directory and it contain tow files
dropbear _dss_host_key
dropbear _rsa_host_keyany idea
-
What about under /etc/default/dropbear
What distro and pbx are you running so we can stop guessing.
-
@tiagom no there no under /etc/default/dropbear
sorry Tiagom im new in Linux
the pbx is Panasonic gsm gateway -
@tiagom Linux version 3.0.76-4.i586 gcc version 4.4.1 ( GCC)
-
It looks like you need to set
DROPBEAR_EXTRA_ARGS="-s"
in the dropbear init file.
https://github.com/mkj/dropbear/blob/master/debian/dropbear.init
*It states Do not configure this file. Edit /etc/default/dropbear instead! in the latest version. Your version maybe older or modified by panasonic since /etc/default/dropbear doesnt exist..
Arg found here
http://linux.die.net/man/8/dropbear
But honestly, if there is a firewall in front of this pbx box it maybe easier to do it there.
-
@tiagom so what do you think i must do to stop hackers and right now one hacker he made the gateway reboots like 100 time
is there a way that i can block him
-
@tiagom please see this link
http://manpages.ubuntu.com/manpages/precise/man8/dropbearkey.8.htmldo you think it will help and honestly if you can guide me on how to do it .
it will be nice from you -
Its difficult to suggest without knowing the environment..
The simplest is change passwords if its compromised.
If its behind a firewall you can block traffic on port 22 unless its from your ip..
-
@tiagom ummmm....
-
@inroute said in I'm under attack I need help in ssh:
@tiagom ummmm....
@tiagom is exactly right. You have a Panasonic device on your network, it should be behind your router/firewall, so just turn off port 22 at your router/firewall.
-
@inroute said in I'm under attack I need help in ssh:
@tiagom GNU/Linux
That's a family but not an OS. OS would be like CentOS, Ubuntu, etc.
-
@inroute said in I'm under attack I need help in ssh:
@tiagom so what do you think i must do to stop hackers and right now one hacker he made the gateway reboots like 100 time
is there a way that i can block him
@inroute said in I'm under attack I need help in ssh:
@tiagom so what do you think i must do to stop hackers and right now one hacker he made the gateway reboots like 100 time
is there a way that i can block him
What is the gateway? It's just an Ubuntu server? -
@scottalanmiller said in I'm under attack I need help in ssh:
@inroute said in I'm under attack I need help in ssh:
@tiagom GNU/Linux
That's a family but not an OS. OS would be like CentOS, Ubuntu, etc.
GNU/Linux is pig tail riding on behalf of Richard Stallman. If it's GNU/Linux, then this is actually not MangoLassi, but NodeBB/MangoLassi, and WordPress is Zend/WordPress. Funny how nobody else on the entire planet other than Stallman makes a requirement of software using libraries he hasn't contributed to in 30 years.
</my non-contribution to conversation>