[server-admins] Server SSH Access

Peter von Kaehne refdoc at gmx.net
Mon Oct 5 21:14:03 MST 2015


That and fail2ban will improve your lot a lot. 

Sent from my phone. Apologies for brevity and typos.

On 5 Oct 2015 11:40 pm, "Troy A. Griffitts" <scribe at crosswire.org> wrote:
>
> Dear all, 
>
> With the crazy amount of brute force attempts to login to our server via 
> SSH, and since it's been 20 years since we've actually removed any 
> accounts on the server, I'd like to do 2 things: 
>
> 1) Could everyone please upload your public key to 
>
> $HOME/.ssh/authorized_keys2 
>
> and assure you can login to your account via your key pair. 
>
> Permissions and ownership need to be set exactly as: 
>
> [scribe at www .ssh]$ pwd 
> /home/scribe/.ssh 
> [scribe at www .ssh]$ ls -lat 
> total 16 
> drwx--x--x. 39 scribe scribe 4096 Sep 30 10:24 .. 
> drwx------.  2 scribe scribe 4096 Apr 27 14:19 . 
> -rw-r--r--.  1 scribe scribe 1938 Aug  9  2013 known_hosts 
> -rw-r--r--.  1 scribe scribe  610 Nov  4  2010 authorized_keys2 
>
>
> That's: 
> 711 on your home folder 
> 700 on your $HOME/.ssh 
> and 644 on $HOME/.ssh/authorized_keys2 
>
> Ownership and group need to be yours personally. 
>
> If you have questions or need help, please ask. 
>
> 2) After everyone here is working well, we'll turn off password 
> authentication access via SSH.  I'll do a last on the server and see who 
> else is actively using the server over the past year and who isn't also 
> on our admins and private lists and let them know.  We'll keep all 
> accounts around for the remainder of the year and then archive off 
> anyone who hasn't accessed their account in 2015. 
>
> Reading about Linux botnets who grow via SSH brute force password hacks 
> has made it evidently clear that we should not allow password access via 
> SSH. 
>
> Martin Gruner (I believe he's still on one of these lists) wanted to 
> switch to key-based SSH login years ago, and I decided against it 
> because my thoughts were: If someone gets my device, they can login to 
> all systems which have my public key authorized.  But now I am convinced 
> that this seems less likely than a brute force hack of any of a number 
> of ancient accounts on the server. 
>
> Also, it seems about time to clean things up a bit. 
>
> Hope everyone is well, 
>
> Troy 
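
The layout requested in step 1 of the quoted message can be checked per account before password authentication is turned off. The script below is an added example, not part of either e-mail; the function names are hypothetical, and GNU `stat` and `getent` are assumed.

```shell
#!/bin/sh
# Added example: audit an account against the layout requested in the message:
#   711 on the home folder, 700 on ~/.ssh, 644 on ~/.ssh/authorized_keys2,
#   each owned by the account's own user and group.
# Assumes GNU coreutils stat(1); the function names are hypothetical.

# check_path PATH MODE UID GID: print a finding and return 1 on any mismatch.
check_path() {
    path=$1; want="$2:$3:$4"
    if [ ! -e "$path" ]; then
        echo "FAIL $path: missing"
        return 1
    fi
    # -L follows symlinks so the mode of the real file or directory is compared.
    got=$(stat -L -c '%a:%u:%g' "$path")
    if [ "$got" != "$want" ]; then
        echo "FAIL $path: mode:uid:gid is $got, expected $want"
        return 1
    fi
    echo "ok   $path"
}

# audit_ssh_layout HOME UID GID: check all three paths and report every problem,
# returning 0 only when all of them match.
audit_ssh_layout() {
    home=$1; uid=$2; gid=$3; rc=0
    check_path "$home" 711 "$uid" "$gid" || rc=1
    check_path "$home/.ssh" 700 "$uid" "$gid" || rc=1
    check_path "$home/.ssh/authorized_keys2" 644 "$uid" "$gid" || rc=1
    return "$rc"
}

# Usage: sh audit.sh USERNAME   (uid, gid and home are resolved via getent)
if [ "$#" -eq 1 ]; then
    entry=$(getent passwd "$1") || { echo "no such user: $1" >&2; exit 2; }
    audit_ssh_layout "$(echo "$entry" | cut -d: -f6)" \
        "$(echo "$entry" | cut -d: -f3)" "$(echo "$entry" | cut -d: -f4)"
fi
```

The exit status is non-zero if any of the three paths deviates, so the script can be looped over the accounts found with `last`.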

