Have I successfully blocked ssh logins to root? (lemmy.ml)

submitted 11 months ago by cyberwolfie@lemmy.ml to c/linux@lemmy.ml

22 comments fedilink hide all child comments

I have a server where I believe I have disabled root login via ssh. I think it is done correctly, as I cannot login with root myself via ssh, but I would've thought that it would be reflected in /var/log/auth.log. Instead, it shows up as failed password entry. Is this intended?

What I've done is to uncomment the PermitRootLogin no line in /etc/ssh/sshd_config. Rest of the config file is left at default.

Bonus question: All login attempts by ssh seems to go over some random port (even my own successful logins). Why is this?

you are viewing a single comment's thread
view the rest of the comments

[-] starkzarn@infosec.pub 13 points 11 months ago

That all sounds correct to me. The random port you're seeing in the logs is a high port, often referred to as an ephemeral port, and it is common for source ports. All good there.

[-] cyberwolfie@lemmy.ml 3 points 11 months ago

Ok, thanks - so if I understand correctly then, it is listening on port 22 as a default, and not accepting traffic on any port.

That brings of the question: wouldn't I be better off changing the SSH-port? And is that so easy as to uncomment the #Port 22 line in the config file and changing the port number to something random, and saving that somewhere? Would I then be able to connect by running ssh myuser@mydomain.com:, or would I need to do anything else to successfully connect?

[-] grant@toast.ooo 2 points 11 months ago

It’s recommended you keep the default port because as soon as your IP is known it takes less than 5 minutes to scan every port for an ssh port

[-] cyberwolfie@lemmy.ml 1 points 11 months ago

It’s recommended you keep the default port because as soon as your IP is known it takes less than 5 minutes to scan every port for an ssh port

Fair point! I first thought that would be good, as it would discourage all those random connections. My guess is that they won't bother spending 5 minutes on each server, and instead just move on to the next when they fail. But then I realized that I don't really care about those anyway as they're not getting anywhere with their root:mypassword login attempts.

load more comments (5 replies)

this post was submitted on 10 Nov 2023

34 points (90.5% liked)

Linux

47754 readers

1237 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz