Q: I have a Gentoo box that I SSH into to run BitTorrent in screen. I use SMB or SFTP to transfer files while on the road. I do not allow root login via SSH. While looking through my logs yesterday, I saw someone trying to log in via SSH. It was not me, and I am the only one who should be logging in. I keep the system pretty much up to date. I only have ports forwarded on my router for SSH and BitTorrent. Can anyone think of other things I need to do to keep my machine locked down against intruders?
Best Answer: Consider SELinux
http://www.nsa.gov/selinux/
Re: Use public/private key pairs with a passphrase and move the default SSH port from 22 to something else, at least for non-local connections, i.e. use one machine as an SSH gateway to log into from the outside world whose port is something like 6891. From there you can log into any machine on the LAN on port 22 (still use key pairs).
There is a way to use OPIE with SSH, but it's pretty much worthless since it will only protect you against keyloggers.
Re: If you want, Debian has on its install media the default minimal system tarball that you can use to build a chroot-based OS from. It'll use apt-get and all that.
Something to play around with. chroot is often used in stuff like FTP servers or web servers, especially for known-iffy programs like bind (DNS server).
There are limits to chroot. Once I was doing a Gentoo install and I set up an SSH server in the install environment so I could go to work and, on break, finish installing and setting up the OS. Well, I forgot a step early on in the install (like forgetting to mount /proc), and as you know you're operating in a chroot'd environment. So basically I needed to access the parent OS, but since sshd was running out of the chroot'd environment I couldn't just exit out of the chroot or it would log me out of the server.
So I looked up chroot exploits and found a C program. Once I fixed the built-in bug in the exploit, successfully compiled it and installed it, I used it to break out of the chroot jail and redo the step I missed during the install. Once that was finished I was able to finish the rest of the install successfully.
(The lesson is that you should make sure never to allow any access to development tools on a server.)
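The jail-building side of that lesson, as an added example that is not code from the thread: a small POSIX sh script that populates a chroot directory with exactly one program plus the shared libraries `ldd` says it needs, and deliberately nothing else (no shell, no compiler, no package tools). The `ldd` output embedded below is constructed for illustration, and the jail path `/srv/jail`, the program `/usr/bin/ctorrent` and the unprivileged user `torrent` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): build a minimal chroot jail that holds
# one binary and the shared libraries it links against, and nothing else: no
# shell, no compiler, no package tools. The jail path and the program to jail
# are arguments; the ldd output below is constructed for illustration.

# Constructed ldd output for a small dynamically linked program (assumed).
SAMPLE_LDD_OUTPUT=$(printf '\tlinux-vdso.so.1 (0x00007ffd1c3f2000)\n\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a8c000000)\n\t/lib64/ld-linux-x86-64.so.2 (0x00007f3a8c200000)\n')

# ldd_paths: read ldd output on stdin, print the absolute paths it names.
# Handles "name => /path (addr)" and the bare loader line "/path (addr)";
# ignores the vDSO, "=> not found" entries and "statically linked".
ldd_paths() {
    awk '
        /=>/        { if ($3 ~ /^\//) print $3; next }
        $1 ~ /^\//  { print $1 }
    '
}

# jail_copy JAIL /abs/path: copy a file into JAIL keeping its directory layout.
jail_copy() {
    mkdir -p "$1$(dirname "$2")" && cp "$2" "$1$2"
}

# build_jail JAIL /abs/bin: populate JAIL with the binary and its libraries.
build_jail() {
    jail="$1"; bin="$2"
    jail_copy "$jail" "$bin"
    ldd "$bin" | ldd_paths | while read -r lib; do
        jail_copy "$jail" "$lib"
    done
    # Some programs also need /dev/null or /proc inside the jail; create those
    # as root (mknod, mount --bind) only if the program really fails without
    # them. Do not copy in /bin/sh, gcc or emerge: a jail with a compiler is
    # exactly what lets an intruder build a breakout tool.
    mkdir -p "$jail/dev" "$jail/proc" "$jail/tmp"
}

# Usage: sh jail.sh /srv/jail /usr/bin/ctorrent   (chroot itself needs root;
# --userspec drops to the assumed unprivileged user "torrent" inside the jail)
if [ $# -eq 2 ]; then
    build_jail "$1" "$2"
    if [ "$(id -u)" -eq 0 ]; then
        chroot --userspec=torrent:torrent "$1" "$2"
    else
        echo "jail built at $1; run 'chroot --userspec=torrent:torrent $1 $2' as root" >&2
    fi
fi
```

Run unprivileged it only builds the directory tree; the `chroot` step needs root, and dropping to a non-root user inside the jail matters because the classic chroot breakouts all require root privileges within the jail.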
Re: Thanks for the suggestion. I had not heard of chroot jails before. I suppose it's not a good idea to try to use the Python-based BitTornado since I imagine I would have to include Python in the jail. I guess I can take a look at ctorrent instead to see if it has fewer dependencies. It may be overkill though.
Thanks for the linuxsecurity.com links.
Re: For OpenSSH you can set it up to use encrypted key pairs and a keyword... Set it up to only use protocol version 2, that sort of thing. See www.openssh.com
Maybe set up a chroot jail for BitTorrent. I don't know if that is warranted though. Depends on how BitTorrent works; I am not aware of any issues.
Lots of places to go:
http://www.linuxsecurity.com/docs/Security-HOWTO
http://www.linuxsecurity.com/
http://www.linuxsecurity.com/advisories/
And this one is very interesting:
http://www.osvdb.org/
That's the Open Source Vulnerability Database. It's not a database of vulnerabilities in open source software; the idea is that you have a community-run database that you can access over the internet. Literally access a database over the internet for things like corporate security, security auditing tools, setting up studies, etc. etc. etc. No bias like those databases created by security companies...
It also has an RSS feed you can set up through an RSS reader to automatically notify you of any recent exploits and their solutions, that sort of thing.
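The sshd settings the two OpenSSH replies above recommend (key pairs only, protocol 2, no root login, a non-default port such as 6891), turned into a check, as an added example that is not code from the thread: a POSIX sh script that reads an `sshd_config` and reports which of those settings are still in the weak state. Both sample configs are constructed; the port 6891 and the user name `alice` in the hardened one are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenSSH sshd_config for the
# settings the replies recommend: key-only logins, protocol 2, no root login,
# a non-default port. The sample configs are constructed; port 6891 and the
# user "alice" are assumptions.

# Constructed sample: what a stock install often looks like.
WEAK_SSHD_CONFIG='# sshd_config (constructed sample, weak)
Port 22
Protocol 2,1
PermitRootLogin yes
#PasswordAuthentication yes
PubkeyAuthentication yes'

# Constructed sample: the same file after hardening.
HARDENED_SSHD_CONFIG='# sshd_config (constructed sample, hardened)
Port 6891
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers alice'

# sshd_opt KEY: read sshd_config text on stdin and print the effective value of
# KEY. sshd honours the first occurrence of a keyword, so stop at the first hit;
# commented-out lines only document defaults and are skipped. Match blocks,
# which can override these settings per user or address, are not handled.
sshd_opt() {
    awk -v key="$1" '
        $1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }
    '
}

# audit_sshd_config CONFIG_TEXT: print one finding per weak setting.
# No output means every checked setting is in the hardened state.
audit_sshd_config() {
    cfg="$1"
    case "$(printf '%s\n' "$cfg" | sshd_opt PermitRootLogin)" in
        no) ;;
        *)  echo "PermitRootLogin is not 'no': root can be brute-forced directly" ;;
    esac
    # Unset means the sshd default, which is 'yes'.
    case "$(printf '%s\n' "$cfg" | sshd_opt PasswordAuthentication)" in
        no) ;;
        *)  echo "PasswordAuthentication is not 'no': password guessing still works" ;;
    esac
    case "$(printf '%s\n' "$cfg" | sshd_opt Protocol)" in
        2)  ;;
        *)  echo "Protocol is not '2': the weaker SSH-1 protocol is offered" ;;
    esac
    case "$(printf '%s\n' "$cfg" | sshd_opt Port)" in
        ""|22) echo "Port is 22: every mass scanner will find the service" ;;
    esac
    return 0
}

echo "== weak sample =="
audit_sshd_config "$WEAK_SSHD_CONFIG"
echo "== hardened sample =="
audit_sshd_config "$HARDENED_SSHD_CONFIG"
# On a real host: audit_sshd_config "$(cat /etc/ssh/sshd_config)"
```

The weak sample produces four findings and the hardened one none. For the gateway arrangement described earlier (one exposed host on port 6891, LAN hosts on 22), the client side is a `ProxyJump gateway:6891` line in `~/.ssh/config` on OpenSSH 7.3 or later; older clients use `ProxyCommand ssh -W %h:%p -p 6891 gateway`.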
Re: You are definitely not alone in regard to automated SSH intrusion attempts. I seem to get them in spurts every few days. The scripts always try to log in via semi-standard usernames like root, test, mysql, apache, a blank username, and a few others.
You can restrict iptables to only allow SSH connections from certain IP blocks, but if you travel a lot or roam on various wireless networks that can quickly get cumbersome.
Not that it's necessarily a true increase in security, but you could look into a port-knocking solution.
Really, strong passwords, non-standard usernames and restricting IP blocks if possible is probably the best thing you can do against this. For a possible DoS against you, you could run a script to automatically drop routes to any IP that gets a failed login attempt...
Gaidin
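The auto-blocking script the last reply suggests, as an added example that is not code from the thread: a POSIX sh script that counts `Failed password` records per source address in sshd's syslog lines and prints the `iptables` DROP rules for the offenders. It blocks on a threshold rather than on the first failure, so one typo from your own laptop does not lock you out, and it prints the rules instead of applying them so it can be reviewed (and run unprivileged). The log lines are constructed, using the RFC 5737 documentation addresses 203.0.113.7, 198.51.100.22 and 192.0.2.55; the hostname `gentoo` and the user `alice` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): turn repeated SSH login failures into
# iptables DROP rules, the way a small fail2ban-style script would. The log
# lines below are constructed (documentation addresses); "gentoo" is the
# assumed hostname and "alice" the assumed legitimate user.

SAMPLE_AUTH_LOG='Mar  3 02:14:07 gentoo sshd[4123]: Failed password for invalid user test from 203.0.113.7 port 51234 ssh2
Mar  3 02:14:09 gentoo sshd[4125]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 02:14:11 gentoo sshd[4127]: Failed password for invalid user mysql from 203.0.113.7 port 51248 ssh2
Mar  3 02:14:12 gentoo sshd[4129]: Failed password for invalid user apache from 203.0.113.7 port 51251 ssh2
Mar  3 08:30:41 gentoo sshd[4402]: Failed password for alice from 198.51.100.22 port 40022 ssh2
Mar  3 08:30:50 gentoo sshd[4402]: Accepted publickey for alice from 198.51.100.22 port 40022 ssh2
Mar  3 09:02:13 gentoo sshd[4510]: Failed password for invalid user admin from 192.0.2.55 port 33001 ssh2
Mar  3 09:02:14 gentoo sshd[4511]: Failed password for invalid user admin from 192.0.2.55 port 33002 ssh2
Mar  3 09:02:16 gentoo sshd[4512]: Failed password for invalid user admin from 192.0.2.55 port 33003 ssh2'

# offending_ips THRESHOLD: read syslog lines on stdin and print, sorted, every
# source address with at least THRESHOLD "Failed password" records. The address
# is the field after "from", which is the same in the "invalid user" and
# known-user variants of the message, so one pattern covers both.
offending_ips() {
    awk -v t="$1" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= t) print ip }
    ' | sort
}

# block_rules THRESHOLD: print the iptables commands that would drop all
# traffic from the offenders. Printing rather than executing keeps this safe
# to run unprivileged and lets you review the list before applying it.
block_rules() {
    offending_ips "$1" | while read -r ip; do
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

# Dry run over the constructed log. On a real box pipe in /var/log/auth.log
# (or wherever your syslog sends sshd messages) and, as root, feed the
# output to sh. A threshold of 1 would block alice's single typo as well.
printf '%s\n' "$SAMPLE_AUTH_LOG" | block_rules 3
```

With the threshold at 3 the dry run prints rules for 192.0.2.55 and 203.0.113.7 only; alice's one failed password from 198.51.100.22, followed by a successful key login, is left alone. Rules inserted this way are lost at reboot and never expire, so a real deployment should also age entries out or put a trusted address range ahead of them with an ACCEPT rule.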