[olug] Email a report on SSH

Matthew G. Marsh olug4mgm at paktronix.com
Mon Apr 23 20:37:26 UTC 2012


I use Ostiary coupled with custom scripts (which is what it essentially 
requires) to open sshd on specific ports for specific inbound addresses.

Check out http://ingles.homeunix.net/software/ost/get.html

Note that it does require a static port but it reads the IP address on the 
incoming packet to pass to the scripts so I have used it quite 
successfully from hotels that only allow NAT. I have a few different 
"messages" set up, one of which changes the netmask on the incoming IP from 
/32 to /26 to get around PAT setups with pooled IPs.

Nice thing is you can run multiple "messages" and the Android client 
ROCKS! I use it with my Galaxy 10 tab to get remote secure access to many 
machines.

If you decide to play with it ask and I can provide some sample scripts I 
have run. Usually use a static compiled dedicated SSH server running very 
specific lockdowns with it but if you are on a distro those can usually 
work.

mgm

On Fri, 20 Apr 2012, David Cannon wrote:

> Hello,
> I have set up an SSH tunnel into an Ubuntu 10.10 machine.  I disabled
> passwords and only use a private key.  I have been using it to proxy my web
> traffic securely when I travel.  Sometimes you just can't trust any old
> WIFI.    Recently my log files have been a little large.  The
> /var/log/auth.log file is showing multiple attempts to login.  I have
> turned the logging to verbose so I can see what is going on but I am not
> home all of the time.  This brings me to the issue.
>
> I have two questions.
>
> 1.  I was looking into port security and came across "Knocking".  Has
> anyone used "Knocking" to open a port?
>
> 2.  Anyone know a good place to get information on setting it up to
> email me when someone tries to log in? I want to know the originating IP
> address and the password they used.  Passwords will all fail but I would
> like to know if someone is foolishly trying to brute force it and where
> they are coming from.  I would like an email sent to me each time it
> happens.  I did find a couple sites detailing a way to email when someone
> logs in, but I am more interested in finding out when someone fails.
>
> Any info you could pass on would be great.
> Thanks,
> David

--------------------------------------------------
Matthew G. Marsh
Special Email Addr for OLUG ;-}
Phone: (402) 932-7250
Email: olug4mgm at paktronix.com
WWW:  http://www.paksecured.org
--------------------------------------------------
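
The /32-to-/26 widening described in the message above, as an added example (not from the original post and not Ostiary's own code): it validates the address, computes the enclosing network, and prints the firewall rule instead of running it. It assumes the action script receives the client IP as its first argument; port 2222, the /24 floor and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Ostiary's code. Assumption: the action script gets the
# client IP as $1. SSH_PORT, MIN_PREFIX and the function names are hypothetical.
SSH_PORT=2222    # the static port sshd listens on
MIN_PREFIX=24    # policy floor: never open anything wider than a /24

# Print "network/prefix" for IPv4 address $1 under prefix length $2.
# Returns 1 and prints nothing when either argument is malformed.
network_of() {
    ip=$1 prefix=$2
    case $prefix in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    case $ip in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # no leading zeros (octal trap)
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( addr & mask ))
    printf '%d.%d.%d.%d/%d\n' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$prefix"
}

# Print (not execute) the rule admitting source $1 widened to /$2 (default /32).
allow_rule() {
    src=$(network_of "$1" "${2:-32}") || return 1
    printf 'iptables -I INPUT -p tcp -s %s --dport %s -j ACCEPT\n' \
        "$src" "$SSH_PORT"
}

# Constructed sample: a hotel PAT pool member, opened as its enclosing /26.
allow_rule 203.0.113.77 26
```

A matching rule removal (the same command with `-D` in place of `-I`) would normally be scheduled alongside it so the opening does not persist.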


