5 Replies Latest reply: Feb 11, 2011 11:30 AM by Garner
Garner Level 1 (0 points)
I have been doing a little research and found that ssh is used for remote logins. If I don't need to remotely login to my server, can I disable ssh altogether? Is that even possible?

The reason I'm asking is because I've noticed in the secure.log a LOT of attempts to break in.

The log file shows things like:
Feb 8 10:34:29 mail sshd[90454]: Invalid user oracle from 119.188.7.153
Feb 8 10:34:31 mail sshd[90457]: Invalid user test from 119.188.7.153
etc...
There are about 25 attempts and then it will start from another IP address with different invalid users.

It also shows lines like:
Feb 9 11:17:39 mail sshd[42411]: Address 74.63.125.54 maps to open.sysdcapable.info, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
There will be literally hundreds of these in the log.

I've found all sorts of info on changing the port that ssh listens to and also to install DenyHosts. All that seems too complicated for me. I tried to install DenyHosts, but when I actually started reading the instructions I was absolutely lost. I just need a simple way to block these attackers from possibly getting into my server. My accounts are secured with decent passwords, but I'd rather be safe than sorry.

Thanks for any help or advice you can give me in advance.

-Garner

MacMini Server, Mac OS X (10.6.6),  iPhone 3G 8GB
  • 1. Re: Is ssh/sshd required?
    Gordon Davisson Level 3 (520 points)
    You can turn off SSH service if you want. There are a few things it's needed for, but they're few and far between; setting up a replica Open Directory server is the only one that comes to mind. To turn it off, run System Preferences on the server, go to the Services pane, and disable the "Remote Login" service.
  • 2. Re: Is ssh/sshd required?
    Camelot Level 8 (45,790 points)
    Rather than turning off SSH altogether, why not just block it at your network edge (router/firewall)? That way it will still be available on your LAN but you won't be subject to external connection attempts.
  • 3. Re: Is ssh/sshd required?
    Garner Level 1 (0 points)
    Thanks for the replies.

    I'd like to block it at the network edge, but we don't have a firewall appliance and I'd rather not try to mess with the router. This server is used as an email server and that's it. It is in my office and I can access it directly. There is no reason to have remote access, so I'd just as soon disable it completely.

    Thanks.

  • 4. Re: Is ssh/sshd required?
    cpragman Level 2 (445 points)
    That means your router is forwarding all traffic to the server. It is only a matter of time before your server will be hacked.

    You need to:
    Block port 22 (ssh) at the router, ASAP.
    Use non-trivial passwords (better is to reconfig ssh to only allow login with RSA certificates, but that is more advanced).

    Also, if your router is forwarding all traffic, then it is possible that a break-in will be attempted on other protocols (AFP, SMB, etc.). This means you are only as secure as the weakest password of any of your users. Not very safe...
  • 5. Re: Is ssh/sshd required?
    Garner Level 1 (0 points)
    Thank you very much cpragman. I'm in the process of contacting my ISP, who manages the router, to have them secure it more.