Recommended Posts

I'm getting confused and need some help.

I have a mythtv server setup in a diffrent state. This is for preperation for my move to germany so I can get the TV shows I watch and sftp them to me.

I use mythweb to control what is recorded. I use ssh for all other work like transcoding video to mpeg 4 for transfer and system administration.

that all works great.

my problem. every day at about 20:00 someone tries to hack my ssh login. they are going in in the wrong dirrection now and every time I block the incomming address on my firewall down there but I belive they are ip spoofing as at 20:00 the next day a differnt address tries the saem thing. everytime I track the address it to a bussiness in diffrent places. the current is korea and the other have been in new york.

so while I only have one user name that can log in and a complex password (caps,nubers meta char and so on) I worry that one day they may guess my username and then my password.

as its remote I can't just shut ssh off with a script because if anything goes wrong it may be days before I can talk some one into going to the box and mess with it (its my brother what does he care if I see my shows).

so I what to set up a rsa ssh2 key log in with passphrase.

so I have created the rsa keys

I have placed the into my /home/user/.ssh/auterized_keys2 file

I have tested and whtn I log in as that user from a user it the correct key in their folder it works .its ask for my passphrase and I am logged in.

but If I ssh from say another box with ssh -l username (ipaddress) it ask for a password and im back to the same game as before.

What I need to do is only allow rsa login. this way I can be sure that people can only log in who have my key and my passphrase.

here is my sshd_config file

please let me know what I am missing.

# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $

# This is the sshd server system-wide configuration file. See

# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented. Uncommented options change a

# default value.

#Port 22

Protocol 2


#ListenAddress ::

# HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval 1h

#ServerKeyBits 768

# Logging

#obsoletes QuietMode and FascistLogging

#SyslogFacility AUTH

#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

PermitRootLogin no

#StrictModes yes

#RSAAuthentication yes

PubkeyAuthentication yes

#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

#RhostsRSAAuthentication no

# similar for protocol version 2

#HostbasedAuthentication no

# Change to yes if you don't trust ~/.ssh/known_hosts for

# RhostsRSAAuthentication and HostbasedAuthentication

#IgnoreUserKnownHosts no

# Don't read the user's ~/.rhosts and ~/.shosts files

#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!

#PasswordAuthentication yes

#PermitEmptyPasswords no

# Change to no to disable s/key passwords

#ChallengeResponseAuthentication yes

# Kerberos options

#KerberosAuthentication no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

#KerberosGetAFSToken no

# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication (via challenge-response)

# and session processing. Depending on your PAM configuration, this may

# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'

UsePAM yes

#AllowTcpForwarding yes

#GatewayPorts no

X11Forwarding yes

X11DisplayOffset 10

#X11UseLocalhost yes

#PrintMotd yes

#PrintLastLog yes

#TCPKeepAlive yes

#UseLogin no

#UsePrivilegeSeparation yes

#PermitUserEnvironment no

#Compression yes

#ClientAliveInterval 0

#ClientAliveCountMax 3

#UseDNS yes

#PidFile /var/run/

#MaxStartups 10

# no default banner path

#Banner /some/path

# override default of no subsystems

Subsystem sftp /usr/lib/misc/sftp-server

Link to post
Share on other sites

Dec 8 02:35:38 [sshd] Failed password for illegal user test from port 4040 ssh2

Dec 8 02:35:43 [sshd] Failed password for illegal user guest from port 4111 ssh2

Dec 8 02:35:47 [sshd] Failed password for illegal user admin from port 4207 ssh2

Dec 8 02:35:51 [sshd] Failed password for illegal user admin from port 4310 ssh2

Dec 8 02:35:56 [sshd] Failed password for illegal user user from port 4401 ssh2

Dec 8 02:36:01 [sshd] Failed password for root from port 4512 ssh2

Dec 8 02:36:05 [sshd] Failed password for root from port 4607 ssh2

Dec 8 02:36:10 [sshd] Failed password for root from port 4733 ssh2

Dec 8 02:36:14 [sshd] Failed password for illegal user test from port 4825 ssh2

this is the lame attempts I have been gettnig so far.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.