Re: [OT] Is it possible to hide the ip in ssh connection
On Tuesday 21 August 2012 08:09:22 lina wrote:
> On Tuesday 21,August,2012 07:48 PM, Eike Lantzsch wrote:
> > On Monday 20 August 2012 09:59:47 lina wrote:
> >> Hi,
> >>
> >> I ssh to a server which has 400+ users, active ones around 100.
> >>
> >> Frankly speaking, I would feel comfortable to hide my IP if possible,
> >>
> >> any suggestions (I checked the spoof, but seems not positive),
> >>
> >> Thanks with best regards,
> >
> > Hi lina!
> >
> > I followed the thread and I wonder why nobody recommended to change sshd
> > to listen on any other port than 22, e.g. 2424. That will calm down most
> > attacks / probing of ssh.
>
> That's very nice of you, I guess default many people had already changed
> that port, and they thought I would have realized that earlier it's one
> way of facing it.
>
> Well, I just made the change to the sshd_config to some other port and
> also changed the iptables.
>
> > Also I wondered why nobody recommended to install DenyHosts?
>
> will install it.
>
> > I installed it on my OpenBSD gateway and it is quite funny to see which
> > usernames and passwords are tried to get into the box.
> > That was with sshd still listening on port 22. Now that it is on another
> > port there were no probes whatever for about a year. Stupid hacking!
> >
> > Of course you need to inform your ssh users of the change. If the same
> > machines on your own network still attack ssh than it should be easy to
> > figure out which machine is doing that by looking at the MAC-address.
>
> quite interesting, how can I know its MAC address.
arp -a
and do have a look at http://denyhosts.sourceforge.net/
>
> Today I sent the email to administrator, here quote what he answered
> me:"Do you wish to change password just to be sure? Once you change, you
> let me know, I'll rsync all the password file. It could be a robot."
> "
> So I think it's better not bother him much. he didn't talk the questions
> I asked and he referred that I should change password of those servers.
>
> Best regards, and also thanks all for your time and valuable suggestions,
>
Again kind regards,
Eike
--
Eike Lantzsch ZP6CGE
Casilla de Correo 1519
1209 Asuncion / Paraguay
Reply to: