I'm under attack I need help in ssh
-
@coliver said in I'm under attack I need help in ssh:
Would be a good idea to set up fail2ban as well.
I hope at some point in the future they make the setup a little easier. It's fairly daunting for a new person. Pam_tally2 and faillock are fairly easy to set up, but rely on PAM. Would be nice to have a middle ground.
-
@tiagom said in I'm under attack I need help in ssh:
From the original post, it looks like you are using dropbear ssh. The config should be /etc/config/dropbear
Looks like you need to set
option PasswordAuth 'off'
https://wiki.openwrt.org/doc/uci/dropbear has more details, as I couldn't (quickly) find official documentation.
Good catch, I didn't notice that.
-
@coliver said in I'm under attack I need help in ssh:
Would be a good idea to set up fail2ban as well.
Agreed.
-
There is no config folder in the /etc/ directory, but I found a dropbear folder in the /etc/ directory and it contains two files:
dropbear_dss_host_key
dropbear_rsa_host_key
Any idea?
-
What about under /etc/default/dropbear?
What distro and PBX are you running, so we can stop guessing?
-
@tiagom no, there is none under /etc/default/dropbear
Sorry Tiagom, I'm new to Linux.
The PBX is a Panasonic GSM gateway.
-
@tiagom Linux version 3.0.76-4.i586 gcc version 4.4.1 ( GCC)
-
It looks like you need to set
DROPBEAR_EXTRA_ARGS="-s"
in the dropbear init file.
https://github.com/mkj/dropbear/blob/master/debian/dropbear.init
*It states "Do not configure this file. Edit /etc/default/dropbear instead!" in the latest version. Your version may be older or modified by Panasonic, since /etc/default/dropbear doesn't exist.
Arg found here:
http://linux.die.net/man/8/dropbear
But honestly, if there is a firewall in front of this PBX box, it may be easier to do it there.
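Added example, not part of any post in this thread: a shell check for the two password-login settings suggested above (`option PasswordAuth 'off'` in a UCI config, `-s` in `DROPBEAR_EXTRA_ARGS`). The function name and the sample files are constructed for illustration, and only a standalone `-s` token is recognised.

```shell
#!/bin/sh
# Added example: does a dropbear config file turn off password logins?
# Formats covered (both named in the thread):
#   /etc/config/dropbear   (OpenWrt UCI):  option PasswordAuth 'off'
#   /etc/default/dropbear  (init script):  DROPBEAR_EXTRA_ARGS="-s"
# Prints one of: disabled | enabled | missing

dropbear_password_auth() {   # hypothetical helper name
    file=$1
    [ -r "$file" ] || { echo missing; return 0; }

    # Strip comments so a commented-out setting is not counted.
    active=$(sed -e 's/#.*$//' "$file")

    # UCI form: the boolean may be written off or 0, quoted or not.
    if printf '%s\n' "$active" | grep -Eq \
        "^[[:space:]]*option[[:space:]]+PasswordAuth[[:space:]]+['\"]?(off|0)['\"]?[[:space:]]*\$"; then
        echo disabled; return 0
    fi

    # Shell-variable form: the last assignment wins, as it would when sourced.
    args=$(printf '%s\n' "$active" |
        sed -n 's/^[[:space:]]*DROPBEAR_EXTRA_ARGS=//p' | tail -n 1 | tr -d "\"'")
    for arg in $args; do
        # -s is dropbear's "disable password logins" flag.
        if [ "$arg" = "-s" ]; then echo disabled; return 0; fi
    done

    # No disabling setting found: dropbear accepts passwords by default.
    echo enabled
}

# Constructed sample files (not taken from the device in the thread).
demo_dir=$(mktemp -d)
printf "config dropbear\n\toption PasswordAuth 'off'\n\toption Port '22'\n" > "$demo_dir/uci"
printf 'NO_START=0\nDROPBEAR_EXTRA_ARGS="-p 22"\n' > "$demo_dir/default_weak"
printf '#DROPBEAR_EXTRA_ARGS="-p 22"\nDROPBEAR_EXTRA_ARGS="-s -p 22"\n' > "$demo_dir/default_hardened"
for f in uci default_weak default_hardened absent; do
    printf '%-18s %s\n' "$f" "$(dropbear_password_auth "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

A result of `missing` for every path, as on the gateway in this thread, means the flag has to be looked for in the init script itself.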
-
@tiagom So what do you think I must do to stop hackers? Right now one hacker has made the gateway reboot like 100 times.
Is there a way that I can block him?
-
@tiagom Please see this link:
http://manpages.ubuntu.com/manpages/precise/man8/dropbearkey.8.html
Do you think it will help? And honestly, if you can guide me on how to do it, it would be nice of you.
-
It's difficult to suggest without knowing the environment.
The simplest is to change passwords if it's compromised.
If it's behind a firewall, you can block traffic on port 22 unless it's from your IP.
-
@tiagom ummmm....
-
@inroute said in I'm under attack I need help in ssh:
@tiagom ummmm....
@tiagom is exactly right. You have a Panasonic device on your network, it should be behind your router/firewall, so just turn off port 22 at your router/firewall.
-
@inroute said in I'm under attack I need help in ssh:
@tiagom GNU/Linux
That's a family but not an OS. OS would be like CentOS, Ubuntu, etc.
-
@inroute said in I'm under attack I need help in ssh:
@tiagom So what do you think I must do to stop hackers? Right now one hacker has made the gateway reboot like 100 times.
Is there a way that I can block him?
What is the gateway? It's just an Ubuntu server?
-
@scottalanmiller said in I'm under attack I need help in ssh:
@inroute said in I'm under attack I need help in ssh:
@tiagom GNU/Linux
That's a family but not an OS. OS would be like CentOS, Ubuntu, etc.
GNU/Linux is pig tail riding on behalf of Richard Stallman. If it's GNU/Linux, then this is actually not MangoLassi, but NodeBB/MangoLassi, and WordPress is Zend/WordPress. Funny how nobody else on the entire planet other than Stallman makes a requirement of software using libraries he hasn't contributed to in 30 years.
</my non-contribution to conversation>
-
@JaredBusch said in I'm under attack I need help in ssh:
@inroute said in I'm under attack I need help in ssh:
@tiagom ummmm....
@tiagom is exactly right. You have a Panasonic device on your network, it should be behind your router/firewall, so just turn off port 22 at your router/firewall.
Better yet, do that, and change the port of sshd altogether to something much higher. Yes, it's sort of "security through obscurity," but it will avoid constant bot attacks and so forth, but anyone directly wanting to attack the machine can easily find the information if it's open to the public Internet.