Is ssh/sshd required?

1719 Views 5 Replies Latest reply: Feb 11, 2011 11:30 AM by Garner
Garner Level 1 (0 points)
Feb 9, 2011 12:01 PM
I have been doing a little research and found that ssh is used for remote logins. If I don't need to remotely login to my server, can I disable ssh altogether? Is that even possible?

The reason I'm asking is because I've noticed in the secure.log a LOT of attempts to break in.

The log file shows things like:
Feb 8 10:34:29 mail sshd[90454]: Invalid user oracle from 119.188.7.153
Feb 8 10:34:31 mail sshd[90457]: Invalid user test from 119.188.7.153
etc...
There are about 25 attempts and then it will start from another IP address with different invalid users.

It also shows lines like:
Feb 9 11:17:39 mail sshd[42411]: Address 74.63.125.54 maps to open.sysdcapable.info, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
There will be literally hundreds of these in the log.

I've found all sorts of info on changing the port that ssh listens to and also to install DenyHosts. All that seems too complicated for me. I tried to install DenyHosts, but when I actually started reading the instructions I was absolutely lost. I just need a simple way to block these attackers from possibly getting into my server. My accounts are secured with decent passwords, but I'd rather be safe than sorry.

Thanks for any help or advice you can give me in advance.

-Garner
MacMini Server, Mac OS X (10.6.6),  iPhone 3G 8GB
  • Gordon Davisson Level 3 (520 points)
    Feb 10, 2011 8:14 AM (in response to Garner)
    You can turn off SSH service if you want. There are a few things it's needed for, but they're few and far between; setting up a replica Open Directory server is the only one that comes to mind. To turn it off, run System Preferences on the server, go to the Services pane, and disable the "Remote Login" service.
    MacBook Pro, Mac OS X (10.6.6)
  • Camelot Level 8 (45,680 points)
    Feb 10, 2011 8:45 AM (in response to Garner)
    Rather than turning off SSH altogether, why not just block it at your network edge (router/firewall)? That way it will still be available on your LAN but you won't be subject to external connection attempts.
    Mac OS X (10.6.5)
  • cpragman Level 2 (430 points)
    Feb 10, 2011 5:19 PM (in response to Garner)
    That means your router is forwarding all traffic to the server. It is only a matter of time before your server will be hacked.

    You need to:
    Block port 22 (ssh) at the router, ASAP.
    Use non-trivial passwords (better is to reconfig ssh to only allow login with RSA certificates, but that is more advanced).

    Also, if your router is forwarding all traffic, then it is possible that break-in will be attempted on other protocols (AFP, SMB, etc.). This means you are only as secure as the weakest password of any of your users. Not very safe...
    G4 MDD, Mac OS X (10.5.8)
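
The following is an added example, not part of the thread or any poster's code: a Python script that tallies the two sshd message types quoted in the question (invalid-user attempts and reverse-DNS mismatch warnings) per source address, so the scale of the exposure can be checked before and after port 22 is blocked. The function names `summarize` and `noisy_sources` are hypothetical, the sample lines are constructed using documentation address ranges, and the optional `port N` suffix is an assumption covering the format newer OpenSSH releases log.

```python
import re
from collections import defaultdict

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# The user name is attacker-controlled and may itself contain " from <ip>",
# so the greedy (.*) plus the end-of-line anchor keeps only the final address,
# which is the one sshd appended. "port N" appears in newer OpenSSH releases.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user (.*) from " + IP + r"(?: port \d+)?\s*$")
RDNS_MISMATCH = re.compile(r"sshd\[\d+\]: Address " + IP + r" maps to (\S+), but this does not map back")

def summarize(lines):
    """Return {ip: {"attempts": n, "users": set, "rdns_mismatch": n}}."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "rdns_mismatch": 0})
    for line in lines:
        m = INVALID_USER.search(line)
        if m:
            user, ip = m.groups()
            stats[ip]["attempts"] += 1
            stats[ip]["users"].add(user)
            continue
        m = RDNS_MISMATCH.search(line)
        if m:
            stats[m.group(1)]["rdns_mismatch"] += 1
    return dict(stats)

def noisy_sources(stats, threshold=3):
    """Addresses with at least `threshold` invalid-user attempts, busiest first."""
    hits = [(ip, s["attempts"]) for ip, s in stats.items() if s["attempts"] >= threshold]
    return sorted(hits, key=lambda pair: (-pair[1], pair[0]))

# Constructed sample lines in the format quoted in the question; the addresses
# are documentation ranges, not values from the thread.
SAMPLE = """\
Feb  8 10:34:29 mail sshd[90454]: Invalid user oracle from 192.0.2.10
Feb  8 10:34:31 mail sshd[90457]: Invalid user test from 192.0.2.10
Feb  8 10:34:33 mail sshd[90460]: Invalid user admin from 192.0.2.10
Feb  8 10:34:35 mail sshd[90463]: Invalid user x from 203.0.113.7 from 192.0.2.10
Feb  8 11:02:10 mail sshd[90511]: Invalid user guest from 198.51.100.23
Feb  9 11:17:39 mail sshd[42411]: Address 198.51.100.23 maps to host.example.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Feb  9 11:18:02 mail sshd[42420]: Accepted publickey for admin from 10.0.1.5 port 50211 ssh2
""".splitlines()

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip, count in noisy_sources(stats):
        print(f"{ip}: {count} invalid-user attempts, users tried: {sorted(stats[ip]['users'])}")
    for ip, s in stats.items():
        if s["rdns_mismatch"]:
            print(f"{ip}: {s['rdns_mismatch']} reverse-DNS mismatch warning(s)")
```

To run it on real data, pass the open secure.log file object to `summarize` in place of `SAMPLE`.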
