#11
08-05-2005, 11:21 AM
Soul

I have something to add. You can add a layer of complexity to your SSH by having some fun with firewall rules.

I found this little gem after I just installed Centos4.1 on the machine I am about to send to colocate with you guys.

http://www.hostlibrary.com/A-Cure-fo...ck-195586.html

Code:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -m recent --rcheck --name SSH -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1600 -m recent --name SSH --set -j DROP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1601 -m recent --name SSH --remove -j DROP
-A RH-Firewall-1-INPUT -j DROP

What this would allow is that in order to even enable SSH you have to first send a telnet unlock request to port 1600 then you can SSH into 22. When you are done with the port you can close it by telnetting to port 1601.

This also only unlocks port 22 for the location in which you performed the unlock command.

#12
08-05-2005, 12:17 PM
charles

Wow, that's awesome! Nice one!

#13
08-05-2005, 02:11 PM
Soul

Quote:
Originally Posted by charles
Wow, that's awesome! Nice one!

Also ... neither port 1600 nor 1601 is even open. ipchains merely notices you trying to access it. So a general port scan might open ssh by telnetting 1600 but then might immediately close it when it hits 1601.

I wish I had the knowledge to come up with this stuff. I think this is a great way to lock your SSH. But in each case you should consider changing the ports you use to unlock, instead of just leaving them as 1600 and 1601.

As he said on the page, you could also set it up so that you have to hit two ports in a specific order to open up ssh. I think that this would make it bulletproof.
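
The behaviour discussed in posts #11 and #13, as an added example that is not part of the original thread or the linked article: a simplified Python model of the `recent` match that runs constructed packet sequences through the posted rules and, going beyond them, through a hypothetical ordered two-knock variant. Port 1500, the list name K1 and the 10 s and 60 s windows are assumptions.

```python
# Simplified model (added example) of the iptables `recent` match: each named
# list maps a source address to the time it was last --set.
ACCEPT, DROP = "ACCEPT", "DROP"

# Rule = (dport, required list or None, max age in s or None, effects, verdict)
# The thread's single-knock rules: 1600 sets list SSH, 1601 removes it.
SINGLE_KNOCK = [
    (22,   "SSH", None, [],                  ACCEPT),
    (1600, None,  None, [("set", "SSH")],    DROP),
    (1601, None,  None, [("remove", "SSH")], DROP),
]

# Hypothetical ordered variant: 1600, then 1500 within 10 s, opens 22 for 60 s.
# Port 1500, list K1 and both time windows are assumptions for illustration.
TWO_KNOCK = [
    (22,   "SSH", 60,   [],                                 ACCEPT),
    (1600, None,  None, [("set", "K1")],                    DROP),
    (1500, "K1",  10,   [("remove", "K1"), ("set", "SSH")], DROP),
]


def in_list(lists, name, src, now, max_age):
    """--rcheck: source is in the list (and, with --seconds, recent enough)."""
    seen = lists.get(name, {}).get(src)
    return seen is not None and (max_age is None or now - seen <= max_age)


def evaluate(rules, packets):
    """Run (time, src, dport) NEW packets through the rules, first match wins.

    Returns one verdict per packet; anything unmatched hits the final DROP.
    """
    lists, verdicts = {}, []
    for now, src, dport in packets:
        verdict = DROP  # models the trailing "-j DROP" rule
        for port, need, max_age, effects, result in rules:
            if port != dport:
                continue
            if need and not in_list(lists, need, src, now, max_age):
                continue
            for op, name in effects:
                if op == "set":
                    lists.setdefault(name, {})[src] = now
                else:
                    lists.get(name, {}).pop(src, None)
            verdict = result
            break
        verdicts.append(verdict)
    return verdicts
```

In the variant the second knock port is numbered below the first, so a single ascending sweep of ports does not complete the sequence.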

#14
08-17-2005, 10:48 AM
chief

Can someone point me to a good tutorial on Linux user management? I want to disable root SSH access and create a user that has just about all the root abilities without having to 'sudo' every time, is that possible?

#15
08-17-2005, 01:42 PM
jpetrov

what's wrong with sudo su - ?

#16
08-18-2005, 03:20 PM
charles

Quote:
Originally Posted by chief
Can someone point me to a good tutorial on Linux user management? I want to disable root SSH access and create a user that has just about all the root abilities without having to 'sudo' every time, is that possible?

You can give fine-grained access with sudo, or plain stupid blanket root access with no password required. So if your issue is just having to enter your password you can avoid that (but would still need to prefix commands with sudo). Best would be to give limited access to certain scripts, with no password (again if entering your password is the issue). Otherwise rethink your need for this.

You can also create a user and change their uid and group to 0. This is a root user with a different name, and not really advised either. About the only thing you have achieved is to allow root ssh by a different name.

hth
charles

#17
08-19-2005, 09:46 AM
chief

Quote:
Originally Posted by jpetrov
what's wrong with sudo su - ?

Duh, yeah, that works, thanks.

I was just looking at my secure logs, and noticed someone trying ssh access with tons of user names / pw combos. Is there a way to prevent these types of attacks?


#18
08-19-2005, 10:54 AM
elix

Quote:
Originally Posted by chief
Duh, yeah, that works, thanks.

I was just looking at my secure logs, and noticed someone trying ssh access with tons of user names / pw combos. Is there a way to prevent these types of attacks?

BFD can help with that.
http://rfxnetworks.com/bfd.php
__________________
Got clue?

#19
08-22-2005, 01:31 PM
chief

Quote:
Originally Posted by elix
BFD can help with that.
http://rfxnetworks.com/bfd.php

OK, forgive my ignorance...

I've installed BFD, is this just a notification tool though? Or is it actually denying requests?

#20
08-22-2005, 03:11 PM
elix

Quote:
Originally Posted by chief
OK, forgive my ignorance...

I've installed BFD, is this just a notification tool though? Or is it actually denying requests?

Yeah it integrates with APF so it will deny requests.