SSHD on a different port

Hello,

To decrease sniffing and brute force I plan to change the default SSH port. Will there be an impact on InterWorx-CP?

I'm thinking of remote backup, dns_sync, the API, … and everything that might use SSH in InterWorx.

Thanks

Pascal

I was going to do this too, but instead decided to block port 22 with APF. I just whitelist my static IP address so I can access it. If I need SSH and I'm not at home I can just log into NodeWorx and whitelist whatever IP I am on.

Hi

Yes, it might be a solution. But our IPs are not static :slight_smile:

Do you do any dns_sync? Remote backup (i.e. on a NAS)?

Thanks

Pazcal

I do remote backups manually to my PC which is whitelisted.

But if you don't have a static IP then this is probably not the solution for you :frowning:

You could always just use hosts.allow / hosts.deny which would allow you to limit who gets access to your server rather than just “hiding” it on another port. Anyone that knows what they’re doing could just nmap your server and find the sshd. Well, besides the majority of script kiddies out there.

Another thing I thought of is to allow a block of IPs.

So basically the whole block you usually get from the ISP's DHCP server, e.g.:

192.168.0.0/24

Oops, reopening an old one, but the subject is coming back to me…

Not sure I understand what you mean. OK, you whitelist your static IP, but how do you block all the others for SSH?

Pascal

Maybe you were talking about hosts.allow and hosts.deny?

hosts.allow -> sshd: yourip
hosts.deny  -> sshd: ALL

Is that what you were talking about?

Firewall and ssh

Just set the TcpIn/TcpOut port rules for SSH to closed
and add all the IPs you want to the Trusted IPs list.

As nodeworx help defines:

The port rules defined here will apply to all incoming IPs that are not defined in either the Trusted or Blocked IP list above.
:slight_smile:
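To make the two mechanisms discussed in the last two posts concrete, here is an added example (written for this thread, not code from InterWorx or from any poster) that models both decision orders: tcp_wrappers consults hosts.allow first, then hosts.deny, and allows by default; the NodeWorx/APF model quoted above lets Trusted IPs bypass the port rules, always denies Blocked IPs, and applies the port rules to everyone else. The sample hosts.allow/hosts.deny contents, the addresses and the port lists are constructed; the toy only understands single addresses, CIDR blocks and `ALL`, whereas real tcp_wrappers also accepts dotted-netmask and prefix forms.

```python
import ipaddress

# Constructed sample files, modelled on the two rules posted above.
HOSTS_ALLOW = """
# /etc/hosts.allow (constructed example)
sshd: 203.0.113.10
sshd: 192.168.0.0/24
"""
HOSTS_DENY = """
# /etc/hosts.deny (constructed example)
sshd: ALL
"""


def parse_wrappers(text):
    """Parse 'daemon: client, client' lines into [(daemon, [clients])]; comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemon, clients = line.split(":", 1)
        rules.append((daemon.strip().lower(),
                      [c.strip() for c in clients.split(",") if c.strip()]))
    return rules


def client_matches(pattern, ip):
    """True if ip matches a client pattern: ALL, a single address, or a CIDR block."""
    if pattern.upper() == "ALL":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False  # pattern form this toy does not understand


def wrappers_decision(daemon, ip, allow_text, deny_text):
    """tcp_wrappers order: hosts.allow match -> allow; hosts.deny match -> deny; else allow."""
    daemon = daemon.lower()
    for d, clients in parse_wrappers(allow_text):
        if d in (daemon, "all") and any(client_matches(c, ip) for c in clients):
            return "allow"
    for d, clients in parse_wrappers(deny_text):
        if d in (daemon, "all") and any(client_matches(c, ip) for c in clients):
            return "deny"
    return "allow"


def apf_decision(ip, port, trusted, blocked, closed_ports):
    """Simplified model of the NodeWorx help text quoted above: Trusted IPs bypass the
    port rules, Blocked IPs are always denied, everyone else is subject to the port rules."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(n, strict=False) for n in trusted):
        return "allow"
    if any(addr in ipaddress.ip_network(n, strict=False) for n in blocked):
        return "deny"
    return "deny" if port in closed_ports else "allow"


if __name__ == "__main__":
    # A home IP that moved out of the whitelisted block is denied by hosts.deny ...
    print(wrappers_decision("sshd", "198.51.100.5", HOSTS_ALLOW, HOSTS_DENY))
    # ... but a Trusted IP still reaches a closed SSH port under the APF model.
    print(apf_decision("203.0.113.10", 22, ["203.0.113.10"], [], {22}))
```

Note that hosts.deny only lists sshd, so a non-SSH daemon from an unlisted address is still allowed by tcp_wrappers; the APF model, by contrast, decides per port, which is why a closed port 22 can coexist with an open port 80 for the same unlisted client.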

[QUOTE=ugh82;13083]Just set the TcpIn/TcpOut port rules for SSH to closed
and add all the IPs you want to the Trusted IPs list.

As nodeworx help defines:

The port rules defined here will apply to all incoming IPs that are not defined in either the Trusted or Blocked IP list above.
:)[/QUOTE]

Yes, it is a solution, indeed!

So we have 2 solutions there:
the hosts.allow and hosts.deny one, to block all sshd requests from them,
or the APF one.

Any comments about the advantages/disadvantages?

The main advantage I see with the APF one is that you can always access NodeWorx and change the APF rule in case of a problem. With hosts.allow and hosts.deny, you have to find a console!

Any others?

Pascal

Me, I prefer APF because my server is in Florida (Sago) and I'm in Greece… :slight_smile:

[QUOTE=pascal;13086]The main advantage I see with the APF one is that you can always access NodeWorx and change the APF rule in case of a problem. With hosts.allow and hosts.deny, you have to find a console![/QUOTE]This is actually a pretty big one. Because, for example, if I am at a client's office and I need to get on SSH for some emergency or something, then I just have to pop on to NodeWorx and then either allow SSH or add the IP I'm on to the whitelist in APF, and then I can get to the shell.

[QUOTE=pascal;7177]Hello,

To decrease sniffing and brute force I plan to change the default SSH port. Will there be an impact on InterWorx-CP?

I'm thinking of remote backup, dns_sync, the API, … and everything that might use SSH in InterWorx.

Thanks

Pascal[/QUOTE]

You can safely change the SSH port. InterWorx doesn’t use SSH to perform any of the clustering functions or dns sync. ‘remote backup’ is a little vague, so I’d need to know exactly what you meant to answer that one.

[QUOTE=pascal;13086]Yes, it is a solution, indeed!

or the APF one.

Any comments about the advantages/disadvantages?[/QUOTE]

I’ve been doing the same as Justec - no issues. Block all and allow via Trusted IPs whenever I require access. The best part is, you don’t eat CPU constantly blocking the brute force attempts, as the port is naturally closed.

JB

I tried them both.
hosts.allow and hosts.deny: I got locked out of my server when the IP changed, so that was a disadvantage of that option.
APF: I used that for a while, but logging in from different IPs meant I had to log in to NodeWorx each time first. Still, I would say this is the best of the 2 options.

I personally have changed the SSH port and that suits me better; I have not found any problems so far and I am running the latest RC.
Has anyone found a solution for attacks on the FTP port 21? I get quite a few each day on that one trying to get access.

[QUOTE=JayBaen;13095]I’ve been doing the same as Justec - no issues. Block all and allow via Trusted IPs whenever I require access. The best part is, you don’t eat CPU constantly blocking the brute force attempts, as the port is naturally closed.

JB[/QUOTE]

Yes, it seems to be the best solution :slight_smile:

The problem is that with a cluster on a private network there seems to be some problem with APF on the nodes. So APF is disabled on my node, but active on the cm (I get MySQL connection lost when APF is active on the node :\ )

Thanks to all for your comments and feedback

Pascal