this post was submitted on 10 Nov 2023
31 points (89.7% liked)

Linux

48186 readers
1898 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I have a server where I believe I have disabled root login via ssh. I think it is done correctly, as I cannot login with root myself via ssh, but I would've thought that it would be reflected in /var/log/auth.log. Instead, it shows up as failed password entry. Is this intended?

What I've done is to uncomment the PermitRootLogin no line in /etc/ssh/sshd_config. Rest of the config file is left at default.

Bonus question: All login attempts by ssh seems to go over some random port (even my own successful logins). Why is this?

you are viewing a single comment's thread
view the rest of the comments
[–] siph@feddit.de 10 points 1 year ago (2 children)

You would need to specify the new port when using ssh (using the -p$PORT option). Just keep in mind that security through obscurity is not considered secure in itself. You could instead consider a service like fail2ban that automatically blocks connections from certain sources depending on your set parameters.

[–] Tanoh@lemmy.world 6 points 1 year ago

You would need to specify the new port when using ssh (using the -p$PORT option).

You can put a host entry for it in .ssh/config specifying the port.

[–] cyberwolfie@lemmy.ml 3 points 1 year ago (1 children)

Just keep in mind that security through obscurity is not considered secure in itself.

Do you consider it to not be a helpful measure to take at all?

I have fail2ban configured - since it is reading from the auth.log, I guess I would not have to make any changes to the configuration there to have it work with a new port?

[–] siph@feddit.de 3 points 1 year ago* (last edited 1 year ago) (1 children)

It's a mixed bag. Personally I wouldn't use a non-standard port.

Consider that port numbers under 1024 are Privileged Ports. You would either have to make sure that no other privileged service is running on the port you want to use for SSH when using another privileged port or you need to make sure that no unprivileged program tries to use the same port as your SSH service when using a non-privileged. Overall it adds a bit of overhead and possible headaches for barely any gain.

Fail2ban should work with a different port without any further configuration but it might not.

[–] cyberwolfie@lemmy.ml 3 points 1 year ago

Alright, cheers - I'll leave it be as well then :)