Difference between revisions of "EBC Exercise 16a ssh port number"

From eLinux.org
Jump to: navigation, search
(Initial info)
 
m
Line 16: Line 16:
 
  Jul 22 14:24:02 pocket sshd[2330]: pam_unix(sshd:session): session opened for user debian by (uid=0)
 
  Jul 22 14:24:02 pocket sshd[2330]: pam_unix(sshd:session): session opened for user debian by (uid=0)
  
Here you see normal activity.  I logged in as debian using the publickey that was setup with <code>ssh-copy-id</code>.
+
Here you see normal activity.  I logged in as '''debian''' using the publickey that was setup with <code>ssh-copy-id</code>.
  
Now try logging in as an invalid user.  Here I try '''yoder'''.
+
Now try logging in as an invalid user.  Here I tried <code>ssh yoder@bone</code> from the host.  
 
  bone$ '''journalctl | grep ssh'''
 
  bone$ '''journalctl | grep ssh'''
 
  Jul 22 15:38:10 pocket sshd[2507]: Failed password for invalid user yoder from 192.168.7.1 port 47942 ssh2
 
  Jul 22 15:38:10 pocket sshd[2507]: Failed password for invalid user yoder from 192.168.7.1 port 47942 ssh2
 
  Jul 22 15:38:16 pocket sshd[2507]: Connection closed by invalid user yoder 192.168.7.1 port 47942 [preauth]
 
  Jul 22 15:38:16 pocket sshd[2507]: Connection closed by invalid user yoder 192.168.7.1 port 47942 [preauth]
  
The login is rejected.   
+
The login is rejected.  One time I left a Beagle running with an externally accessible IP address.  Within a day there were dozens of login attempts. A quick way to see them is:
 +
bone$ '''journalctl | grep -i invalid'''
 +
Jul 22 15:38:04 pocket sshd[2507]: Invalid user yoder from 192.168.7.1 port 47942
 +
Jul 22 15:38:10 pocket sshd[2507]: Failed password for invalid user yoder from 192.168.7.1 port 47942 ssh2
 +
Jul 22 15:38:16 pocket sshd[2507]: Connection closed by invalid user yoder 192.168.7.1 port 47942 [preauth]
 +
 
 +
Make sure you don't use an easy to guess password.  You know they'll try '''debian''' as a user.
 +
 
 +
== Changing the port ssh uses ==
 +
You can easily change the port ssh uses.  By default it on port 22, so everyone will try it.  Change the port using:
 +
 
 +
bone$ '''sudo vi /etc/ssh/sshd_config'''
 +
Scroll to around line 13 and you'll see:
 +
'''#Port 22'''
 +
Remove the '''#''' and change the 22 to something greater than 1000, say 1022.  Then
 +
bone$ '''sudo systemctl restart sshd'''
 +
Now, what you login from your host you'll have to say which port to use:
 +
host$ '''ssh -p1022 bone'''
 +
 
 +
 
 +
 
  
 
{{YoderFoot}}
 
{{YoderFoot}}

Revision as of 13:41, 22 July 2020

thumb‎ Embedded Linux Class by Mark A. Yoder


If you leave your Beagle on a publicly exposed network (like Rose's) long you'll soon see login attempts from all over the world.

Here you'll learn how to see those attempts and how to change your ssh port number to avoid them.

journalctl

A quick way to see if anyone's been trying to access your Beagle is:

bone$ journalctl | grep ssh
Jul 22 14:17:11 pocket sh[936]: generic-board-startup: ssh
Jul 22 14:17:13 pocket sshd[964]: Server listening on 0.0.0.0 port 22.
Jul 22 14:17:13 pocket sshd[964]: Server listening on :: port 22.
Jul 22 14:24:02 pocket sshd[2328]: Connection closed by authenticating user debian 192.168.7.1 port 47886 [preauth]
Jul 22 14:24:02 pocket sshd[2330]: Accepted publickey for debian from 192.168.7.1 port 47888 ssh2: RSA SHA256:kkATqhiwy+v8EzXzJSV3jSrVEam/L+NF2yl8GFdvOBI
Jul 22 14:24:02 pocket sshd[2330]: pam_unix(sshd:session): session opened for user debian by (uid=0)

Here you see normal activity. I logged in as debian using the publickey that was setup with ssh-copy-id.

Now try logging in as an invalid user. Here I tried ssh yoder@bone from the host.

bone$ journalctl | grep ssh
Jul 22 15:38:10 pocket sshd[2507]: Failed password for invalid user yoder from 192.168.7.1 port 47942 ssh2
Jul 22 15:38:16 pocket sshd[2507]: Connection closed by invalid user yoder 192.168.7.1 port 47942 [preauth]

The login is rejected. One time I left a Beagle running with an externally accessible IP address. Within a day there were dozens of login attempts. A quick way to see them is:

bone$ journalctl | grep -i invalid
Jul 22 15:38:04 pocket sshd[2507]: Invalid user yoder from 192.168.7.1 port 47942
Jul 22 15:38:10 pocket sshd[2507]: Failed password for invalid user yoder from 192.168.7.1 port 47942 ssh2
Jul 22 15:38:16 pocket sshd[2507]: Connection closed by invalid user yoder 192.168.7.1 port 47942 [preauth]

Make sure you don't use an easy to guess password. You know they'll try debian as a user.

Changing the port ssh uses

You can easily change the port ssh uses. By default it on port 22, so everyone will try it. Change the port using:

bone$ sudo vi /etc/ssh/sshd_config

Scroll to around line 13 and you'll see:

#Port 22

Remove the # and change the 22 to something greater than 1000, say 1022. Then

bone$ sudo systemctl restart sshd

Now, what you login from your host you'll have to say which port to use:

host$ ssh -p1022 bone





thumb‎ Embedded Linux Class by Mark A. Yoder