[arm-allstar] NOTICE for users with public ssh on port 222

Stu2 stu at stu2.net
Mon Mar 6 17:59:42 EST 2023


There are a couple of other solutions. You can look at tailscale or 
zerotier. These services require an agent on WOPR and open outbound 
tunnels to their servers. This way, there isn't anything to attack on the 
PI because there aren't any exposed ports for SSH.

David's solution is another quick fix you can try. Just pick a random, 
seldom-used port as he points out. That change is one or two lines in 
the ssh config file. You can do that right away.

If you don't go with tailscale, zerotier or teleport (as another person 
pointed out), I would recommend setting up 2 factor authentication and 
using certificates instead of passwords. There are lots of instructions 
about setting up certificates and 2 factor auth. (e.g. Google 
Authenticator app on your phone for the one time password.)

73 and good luck!

W7IY

On 3/6/23 17:43, kd6gdb--- via ARM-allstar wrote:
> Thanks to all,
>
> I like the fail2ban solution and use it a lot for my other servers but am
> concerned with the overhead. Obviously the double-edged sword here is what
> uses more resources, the constant pounding on my poor little RPi3 node from
> bots around the world that think I am the back door to the "NORAD
> supercomputer known as WOPR (War Operation Plan Response, pronounced
> "whopper"), programmed to continuously run war simulations and learn over
> time" - see the movie WARGAMES (1983) for background or moving dull ham
> radio audio from the world's most obnoxious repeater in Los Angeles.
>
> On Mon, Mar 6, 2023 at 1:47 PM stanley stanukinos via ARM-allstar <
> arm-allstar at hamvoip.org> wrote:
>
>> Use fail2ban and input the blocks from those ranges. Drop all packets,
>> do not respond to ICMP. They start their probing there.
>>
>> Stan
>>
>> Sent from my iPhone
>>
>>> On Mar 6, 2023, at 2:39 PM, Joe Moskalski via ARM-allstar <arm-allstar at hamvoip.org> wrote:
>>> I have addressed this issue with 2 solutions. One is to ban all the IP ranges
>>> from India, China and Russia in my firewall. It's not very surgical but
>>> it's effective. The other is to set up an L2TP VPN and not make the SSH port
>>> open to the public, only being able to access it through the VPN.
>>>
>>>> On Mon, Mar 6, 2023, 2:13 PM kd6gdb--- via ARM-allstar <
>>>> arm-allstar at hamvoip.org> wrote:
>>>>
>>>> Where did this get to? One of my private nodes has seemed to have become a
>>>> favorite in India with over 500 attempts per hour.
>>>>
>>>> [root@Node1502 local]# strings /var/log/btmp | grep -v '[a-zA-Z]' | sort -u
>>>>
>>>> [root@Node1502 local]# uptime
>>>>  10:04:55 up  1:06,  1 user,  load average: 0.11, 0.18, 0.17
>>>>
>>>> [root@Node1502 local]# strings /var/log/btmp | grep -v '[a-zA-Z]' | wc
>>>>     505     505    7296
>>>>
>>>> On Sun, Apr 5, 2020 at 7:38 PM "Al Beard via ARM-allstar" <
>>>> arm-allstar at hamvoip.org> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> This will get you the SSHD info to check:
>>>>>
>>>>> journalctl _COMM=sshd -n 1000 > sshd.log
>>>>>
>>>>> Fedora linux uses "systemd" but still creates most of the "standard"
>>>>> unix log files such that sys-admin's scripts will still mostly work.
>>>>>
>>>>> I've been using Fedora on ARM systems because they put quite an effort
>>>>> into supporting many many boards AND I could move the root (/) filesystem
>>>>> onto a real hard disk either USB or SATA (as in the Banana Pi) and have no
>>>>> and I mean NO SD card wear out problems.
>>>>> And, the kernel update process worked seamlessly. dnf -y upgrade
>>>>>
>>>>> My first Raspberry Pi version 1 with 256Mb ram would burn out an SD card
>>>>> in a day. Thus, with SATA disks everywhere I looked for a SoC with a SATA
>>>>> interface and found the Allwinner A20 chip on the Banana Pi board did.
>>>>>
>>>>> Alan VK2ZIW
>>>>>
>>>>> On Sun, 5 Apr 2020 17:31:47 -0700, "Tony via ARM-allstar" wrote
>>>>>> On 4/5/20 4:44 PM, "David McGough via ARM-allstar" wrote:
>>>>>>> ... I'll upload a copy of the code I'm using, if you'd like to experiment
>>>>>>> with it?  This code will get wrapped into a package included in HamVoIP,
>>>>>>> ultimately.
>>>>>> Is it essentially a Hamvoip-specific configuration for the fail2ban package?
>>>>>> _______________________________________________
>>>>>>
>>>>>> ARM-allstar mailing list
>>>>>> ARM-allstar at hamvoip.org
>>>>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>>>>>
>>>>>> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>>>>>
>>>>> ---------------------------------------------------
>>>>> Alan Beard
>>>>>
>>>>> OpenWebMail 2.53
>>>>>
>>>>
>>>> --
>>>> Pursuant to U.S. Code, title 47, Chapter 5, Sub chapter II, §227,
>>>> "Any and all non solicited commercial E-mail sent to this address is
>>>> subject to a download and archival fee of $500.00 U.S.". E-mailing denotes
>>>> acceptance of these terms.
>
-- 
"The trouble with quotes from the Internet used in email signature lines is that it's difficult to determine if they are genuine." -Abraham Lincoln
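
Added example (not part of the original thread, and not HamVoIP's code): a shell function that tallies failed password attempts per source address from the `journalctl _COMM=sshd` output mentioned in the thread, so the load can be measured before and after trying any of the fixes discussed. The function names are hypothetical and the log lines are constructed samples using documentation address ranges.

```shell
#!/bin/sh
# Constructed sample of sshd journal lines (not real traffic).
sample_sshd_log() {
    cat <<'EOF'
Mar 06 10:01:12 Node1502 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar 06 10:01:15 Node1502 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar 06 10:01:19 Node1502 sshd[2107]: Failed password for invalid user pi from 198.51.100.4 port 40022 ssh2
Mar 06 10:02:01 Node1502 sshd[2110]: Accepted password for repeater from 192.0.2.10 port 50100 ssh2
Mar 06 10:02:30 Node1502 sshd[2115]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 51250 ssh2
Mar 06 10:02:44 Node1502 sshd[2119]: Failed password for root from 198.51.100.4 port 40030 ssh2
Mar 06 10:03:05 Node1502 sshd[2123]: Failed password for root from 192.0.2.55 port 33000 ssh2
EOF
}

# Read sshd log text on stdin and print "count address" for every source
# with at least $1 failed password attempts (default 1), busiest first.
failed_ssh_by_ip() {
    threshold="${1:-1}"
    awk -v min="$threshold" '
        # OpenSSH ends these lines with "from ADDR port N ssh2". The address
        # is read relative to the END of the line because the user name is
        # chosen by the client and may itself contain spaces and "from".
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            hits[$(NF-3)]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample: sources with two or more failures.
sample_sshd_log | failed_ssh_by_ip 2
```

On a node, feed it the real journal instead of the sample: `journalctl _COMM=sshd -n 1000 | failed_ssh_by_ip 10`.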


