Group Actions
Engagement
  • Author Author: screamingtiger
  • Date Created: Date Created
  • Views 478 views
  • Likes 2 likes
  • Comments 2 comments
Related
Recommended

Raspberry Pi Tips and tricks

screamingtiger

Going to be adding to this as I come across them.

 

I am more of a command line person, so I like to SSH remotely into my RPi in order to do work over my lunch break from work.  This means I want to open up Port 22 on my RPi.

However, I recently opened up port 22 and within 1 day I noticed in my /var/log/auth.log I had numerous invalid login attempts.  There are people running scripts AKA "Script Kiddies" that going around probing random IP addresses for port 22, then it begins a brute force login attack.  It kept trying to login as root.  While they wont get it, it is draining my resources, filling up my logs, and hurting my latency to the internet.

 

There a couple of ways around this but I also ran into one other issue.  My work's network blocks outgoing SSH.  So I found a simple solution to solve both problems.  I put my SSH port on port 443.  Port 443 is reserved for HTTPS and it works!  Further, the script kiddies ignore that open port.  The only oddity you may have is in your auth.log you may see a message about an invalid protocol identifier.

 

You can see how to change the default SSH port by following this link.

http://linuxlookup.com/howto/change_default_ssh_port


Parents


  • Changing a port number is "security through obscurity" but since I am mainly worried about these scripts trying to log in all the time, I think it is suffice.

    The other way is to setup a password-less login that  requires a key file to be installed on the client machine.  You wont even get a login prompt unless you have the key.  That's probably the best way but not good if you like to login remotely from random places.

     

    Someone mentioned also changing Login: to some thing like "Enter your username" can basically stop a lot of them too.

Comment


  • Changing a port number is "security through obscurity" but since I am mainly worried about these scripts trying to log in all the time, I think it is suffice.

    The other way is to setup a password-less login that  requires a key file to be installed on the client machine.  You wont even get a login prompt unless you have the key.  That's probably the best way but not good if you like to login remotely from random places.

     

    Someone mentioned also changing Login: to some thing like "Enter your username" can basically stop a lot of them too.

Children
No Data