Segurança SSH - Tentativas de conexão [RESOLVIDO]

1. Segurança SSH - Tentativas de conexão [RESOLVIDO]

Neo_X
(usa CentOS)

Enviado em 20/01/2013 - 18:38h

Olá pessoal, gostaria de uma opinião para bloquear as tentativas de login via SSH.

Alguém saberia me dizer qual é a melhor maneira de bloquear esses tipos de tentativas de login via SSH, sem desativar o serviço?

Jan 20 18:35:01 fwjnd sshd[30838]: Invalid user msbuild from 223.202.5.41
Jan 20 18:35:01 fwjnd sshd[30841]: input_userauth_request: invalid user msbuild
Jan 20 18:35:01 fwjnd sshd[30840]: Invalid user sajin from 223.202.5.41
Jan 20 18:35:01 fwjnd sshd[30843]: input_userauth_request: invalid user sajin
Jan 20 18:35:01 fwjnd sshd[30839]: Invalid user junsun from 223.202.5.41
Jan 20 18:35:01 fwjnd sshd[30842]: input_userauth_request: invalid user junsun
Jan 20 18:35:01 fwjnd sshd[30838]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:35:01 fwjnd sshd[30838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.202.5.41
Jan 20 18:35:01 fwjnd sshd[30838]: pam_succeed_if(sshd:auth): error retrieving information about user msbuild
Jan 20 18:35:01 fwjnd sshd[30840]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:35:01 fwjnd sshd[30840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.202.5.41
Jan 20 18:35:01 fwjnd sshd[30840]: pam_succeed_if(sshd:auth): error retrieving information about user sajin
Jan 20 18:35:01 fwjnd sshd[30839]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:35:01 fwjnd sshd[30839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.202.5.41
Jan 20 18:35:01 fwjnd sshd[30839]: pam_succeed_if(sshd:auth): error retrieving information about user junsun
Jan 20 18:35:02 fwjnd sshd[30844]: Invalid user rcrao from 223.202.5.41
Jan 20 18:35:02 fwjnd sshd[30845]: input_userauth_request: invalid user rcrao
Jan 20 18:35:02 fwjnd sshd[30844]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:35:02 fwjnd sshd[30844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.202.5.41
Jan 20 18:35:02 fwjnd sshd[30844]: pam_succeed_if(sshd:auth): error retrieving information about user rcrao
Jan 20 18:35:02 fwjnd sshd[30846]: Invalid user fmp from 223.202.5.41
Jan 20 18:35:02 fwjnd sshd[30847]: input_userauth_request: invalid user fmp
Jan 20 18:35:03 fwjnd sshd[30846]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:35:03 fwjnd sshd[30846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.202.5.41
Jan 20 18:35:03 fwjnd sshd[30846]: pam_succeed_if(sshd:auth): error retrieving information about user fmp
Jan 20 18:35:03 fwjnd sshd[30848]: Invalid user naluwan from 223.202.5.41
Jan 20 18:35:03 fwjnd sshd[30849]: input_userauth_request: invalid user naluwan
Jan 20 18:35:04 fwjnd sshd[30844]: Failed password for invalid user rcrao from 223.202.5.41 port 27929 ssh2
Jan 20 18:35:04 fwjnd sshd[30848]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:35:04 fwjnd sshd[30848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.202.5.41
Jan 20 18:35:04 fwjnd sshd[30848]: pam_succeed_if(sshd:auth): error retrieving information about user naluwan
Jan 20 18:35:04 fwjnd sshd[30838]: Failed password for invalid user msbuild from 223.202.5.41 port 19681 ssh2
Jan 20 18:35:04 fwjnd sshd[30840]: Failed password for invalid user sajin from 223.202.5.41 port 9262 ssh2
Jan 20 18:35:04 fwjnd sshd[30839]: Failed password for invalid user junsun from 223.202.5.41 port 27356 ssh2
Jan 20 18:35:04 fwjnd sshd[30845]: Received disconnect from 223.202.5.41: 11: Bye Bye

0 0

Quote

2. MELHOR RESPOSTA

danniel-lara
(usa Fedora)

Enviado em 20/01/2013 - 18:50h

tu podes alterar a porta do seu ssh

1 0

Quote

3. Re: Segurança SSH - Tentativas de conexão [RESOLVIDO]

Neo_X
(usa CentOS)

Enviado em 20/01/2013 - 19:00h

Velho, obrigado pela dica, não tinha pensado nisso.
Troquei a porta na conf e no firewall, agora está ok..

Obrigado!!!

0 0

Quote

4. Re: Segurança SSH - Tentativas de conexão [RESOLVIDO]

danniel-lara
(usa Fedora)

Enviado em 20/01/2013 - 19:02h

pedrophsp escreveu:

Velho, obrigado pela dica, não tinha pensado nisso.
Troquei a porta na conf e no firewall, agora está ok..

Obrigado!!!

tranquilo , qualquer dúvida estamos ai

0 0

Quote

5. Re: Segurança SSH - Tentativas de conexão [RESOLVIDO]

alanwds1
(usa CentOS)

Enviado em 16/03/2016 - 09:38h

Cara, se for realmente necessário manter a porta 22 aberta pra internet, você pode usar o port knocking:

https://www.digitalocean.com/community/tutorials/how-to-use-port-knocking-to-hide-your-ssh-daemon-fr...

Mas o melhor seria filtrar via firewall o acesso SSH somente à determinados IPs (se você sabe quais são). Usar VPN também seria uma alternativa e claro, mudar a porta SSH (conforme nosso amigo já sugeriu).

0 0

Quote