[olug] Email a report on SSH

David Cannon medaveduh at gmail.com
Fri Apr 20 21:50:49 UTC 2012


Thanks for the great information!  I have been using it as a proxy for my
web traffic and most places block port 22, so I was running it on 443 so
the traffic looks normal.  Haven't found a place that is blocking 443 yet.
I will try the IP tables rules and see what I can get to work out.  I will
also see about fail2ban as well.  Thanks again!  I will let you all know
how it goes.
Dave

On Fri, Apr 20, 2012 at 3:05 PM, Sam Flint <harmonicnm7h at gmail.com> wrote:

> just use a vpn
>
> On Fri, Apr 20, 2012 at 2:33 PM, DYNATRON tech <dynatron at gmail.com> wrote:
> > ++ for fail2ban
> > ++ for using alternate ports
> > vi /etc/ssh/sshd_config (don't forget to restart service)
> > On Apr 20, 2012 11:56 AM, "Lou Duchez" <lou at paprikash.com> wrote:
> >
> >> Fair enough; fail2ban isn't wedded to port 22, so you can reconfigure it
> >> for a different port.
> >>
> >>> I wouldn't run SSH on port 22, too much noise to deal with.
> >>> On Apr 20, 2012 11:22 AM, "Lou Duchez" <lou at paprikash.com> wrote:
> >>>
> >>>> You probably want to look into Fail2Ban.  It monitors your logs for
> >>>> failed login attempts from a given IP (usually a certain number in a
> >>>> given span), and then responds as you tell it to: it can (temporarily
> >>>> or permanently) block that IP for port 22, it can send you an E-Mail,
> >>>> it can do both.  I haven't ever tried to make Fail2ban cough up failed
> >>>> login details, but maybe there's a way to do that.
> >>>>
> >>>> I don't consider a server tolerably secure until I've got Fail2Ban
> >>>> going for SSH, FTP, POP3, IMAP, SMTP, and even SquirrelMail.
> >>>>
> >>>> How it works: Fail2Ban monitors the logs you specify and looks for the
> >>>> regular expressions you specify (not to worry, it comes with a bunch of
> >>>> examples you can flip on).  If it needs to block a port, it adds an
> >>>> entry to iptables on the fly.
> >>>>
> >>>>
> >>>>> Hello,
> >>>>>
> >>>>> I have set up an SSH tunnel into an Ubuntu 10.10 machine.  I disabled
> >>>>> passwords and only use a private key.  I have been using it to proxy my
> >>>>> web traffic securely when I travel.  Sometimes you just can't trust any
> >>>>> old WIFI.  Recently my log files have been a little large.  The
> >>>>> /var/log/auth.log file is showing multiple attempts to login.  I have
> >>>>> turned the logging to verbose so I can see what is going on but I am not
> >>>>> home all of the time.  This brings me to the issue.
> >>>>>
> >>>>> I have two questions.
> >>>>>
> >>>>> 1.  I was looking into port security and came across "Knocking".  Has
> >>>>> anyone used "Knocking" to open a port?
> >>>>>
> >>>>> 2.  Anyone know a good place to get information on setting it up to
> >>>>> email me when someone tries to log in?  I want to know the originating
> >>>>> IP address and the password they used.  Passwords will all fail but I
> >>>>> would like to know if someone is foolishly trying to brute force it and
> >>>>> where they are coming from.  I would like an email sent to me each time
> >>>>> it happens.  I did find a couple sites detailing a way to email when
> >>>>> someone logs in, but I am more interested in finding out when someone
> >>>>> fails.
> >>>>>
> >>>>> Any info you could pass on would be great.
> >>>>> Thanks,
> >>>>> David
> >>>>> _______________________________________________
> >>>>> OLUG mailing list
> >>>>> OLUG at olug.org
> >>>>> https://lists.olug.org/mailman/listinfo/olug
>
>
>
> --
> Sam Flint
> flintfam.org/~swflint
>
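
The report asked about in this thread (failed logins and where they come from), using the count-within-a-time-span rule described above for Fail2Ban, as an added example that is not from the thread and is not Fail2Ban's own code. The log lines, addresses, year and function names are constructed for illustration, and the `maxretry`/`findtime` parameter names are borrowed from Fail2Ban's options; stock sshd logs the source IP and user name of a failed attempt but not the password that was tried.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from email.message import EmailMessage

# Constructed sample lines in stock OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Apr 20 11:02:15 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Apr 20 11:02:19 box sshd[2104]: Failed password for root from 203.0.113.5 port 40115 ssh2
Apr 20 11:03:40 box sshd[2110]: Failed publickey for dave from 198.51.100.7 port 51200 ssh2
Apr 20 11:04:02 box sshd[2113]: Failed password for root from 203.0.113.5 port 40130 ssh2
Apr 20 11:05:00 box sshd[2120]: Accepted publickey for dave from 192.0.2.10 port 50022 ssh2
Apr 20 18:30:00 box sshd[2400]: Failed password for root from 198.51.100.7 port 51999 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def failed_attempts(log_text, year=2012):
    """Yield (timestamp, ip, user) per failed-auth line; syslog omits the year, so one is assumed."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: [users tried]} for IPs with >= maxretry failures within findtime."""
    by_ip = defaultdict(list)
    for ts, ip, user in failed_attempts(log_text):
        by_ip[ip].append((ts, user))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        # Slide a window of maxretry consecutive failures over the sorted events.
        for first, last in zip(events, events[maxretry - 1:]):
            if last[0] - first[0] <= findtime:
                hits[ip] = [user for _, user in events]
                break
    return hits

def build_report(log_text, sender, recipient):
    """Build (not send) the report; smtplib.SMTP.send_message() would deliver it."""
    hits = offenders(log_text)
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"SSH: {len(hits)} source(s) over the failed-login threshold"
    lines = [f"{ip}: {len(u)} failures, users: {', '.join(sorted(set(u)))}"
             for ip, u in sorted(hits.items())]
    msg.set_content("\n".join(lines) or "No offenders.")
    return msg
```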


