Hardening an SSH server

Hi there. Although I've been working with Linux for quite a while, I think this is the first time I've come by here, so greetings to everyone.

The thing is, I recently set up an SSH server at home: a Debian Testing install running on my desktop computer under VirtualBox (I'm waiting for a board to arrive so I can build a dedicated machine, and yes, I use Windows on the desktop). It's no big deal; I just have it to keep a copy of my "vital" data (mostly school stuff), or to open the odd little program at school through an X11 tunnel. I noticed that at some hours it ran fine and at others it ran like crap; I didn't give it any importance, thinking the problems would be down to the internet connection.

On Friday, in a moment of boredom, I decided to look at auth.log, and it was full of failed logins. Someone was trying to brute-force me, with login attempts for nonexistent users, over several days and from different IPs. That surprised me, because I run this server for personal use, there's nothing interesting on it and I have a dynamic IP; every night I switch off the router and in the morning I'm in the habit of noting down the external IP I get...

A chunk of auth.log, in just one minute... between 20:08 and 20:19 I have 4041 lines in the log, and it's like that for several days...

Jan 22 20:08:11 debianservervbox sshd[3595]: Invalid user PlcmSpIp from 85.37.38.220
Jan 22 20:08:11 debianservervbox sshd[3595]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:11 debianservervbox sshd[3595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:13 debianservervbox sshd[3595]: Failed password for invalid user PlcmSpIp from 85.37.38.220 port 42970 ssh2
Jan 22 20:08:14 debianservervbox sshd[3598]: Invalid user plcmspip from 85.37.38.220
Jan 22 20:08:14 debianservervbox sshd[3598]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:14 debianservervbox sshd[3598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:16 debianservervbox sshd[3598]: Failed password for invalid user plcmspip from 85.37.38.220 port 45414 ssh2
Jan 22 20:08:17 debianservervbox sshd[3600]: Invalid user plcmspip from 85.37.38.220
Jan 22 20:08:17 debianservervbox sshd[3600]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:17 debianservervbox sshd[3600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:19 debianservervbox sshd[3600]: Failed password for invalid user plcmspip from 85.37.38.220 port 46896 ssh2
Jan 22 20:08:25 debianservervbox sshd[3602]: Invalid user db2inst1 from 85.37.38.220
Jan 22 20:08:25 debianservervbox sshd[3602]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:25 debianservervbox sshd[3602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:26 debianservervbox sshd[3602]: Failed password for invalid user db2inst1 from 85.37.38.220 port 48953 ssh2
Jan 22 20:08:27 debianservervbox sshd[3604]: Invalid user dasusr1 from 85.37.38.220
Jan 22 20:08:27 debianservervbox sshd[3604]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:27 debianservervbox sshd[3604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:30 debianservervbox sshd[3604]: Failed password for invalid user dasusr1 from 85.37.38.220 port 54464 ssh2
Jan 22 20:08:31 debianservervbox sshd[3606]: Invalid user ts from 85.37.38.220
Jan 22 20:08:31 debianservervbox sshd[3606]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:31 debianservervbox sshd[3606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:31 debianservervbox sshd[3608]: Invalid user PlcmSpIp from 85.37.38.220
Jan 22 20:08:31 debianservervbox sshd[3608]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:31 debianservervbox sshd[3608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:33 debianservervbox sshd[3606]: Failed password for invalid user ts from 85.37.38.220 port 56784 ssh2
Jan 22 20:08:33 debianservervbox sshd[3608]: Failed password for invalid user PlcmSpIp from 85.37.38.220 port 56898 ssh2
Jan 22 20:08:34 debianservervbox sshd[3610]: Invalid user TeamSpeak from 85.37.38.220
Jan 22 20:08:34 debianservervbox sshd[3610]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:34 debianservervbox sshd[3610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:34 debianservervbox sshd[3612]: Invalid user plcmspip from 85.37.38.220
Jan 22 20:08:34 debianservervbox sshd[3612]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:34 debianservervbox sshd[3612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:36 debianservervbox sshd[3610]: Failed password for invalid user TeamSpeak from 85.37.38.220 port 58794 ssh2
Jan 22 20:08:36 debianservervbox sshd[3612]: Failed password for invalid user plcmspip from 85.37.38.220 port 58877 ssh2
Jan 22 20:08:37 debianservervbox sshd[3614]: Invalid user cisco from 85.37.38.220
Jan 22 20:08:37 debianservervbox sshd[3614]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:37 debianservervbox sshd[3614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:37 debianservervbox sshd[3616]: Invalid user plcmspip from 85.37.38.220
Jan 22 20:08:37 debianservervbox sshd[3616]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:37 debianservervbox sshd[3616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:37 debianservervbox sshd[3618]: Invalid user PlcmSpIp from 85.37.38.220
Jan 22 20:08:37 debianservervbox sshd[3618]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:37 debianservervbox sshd[3618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:39 debianservervbox sshd[3614]: Failed password for invalid user cisco from 85.37.38.220 port 60376 ssh2
Jan 22 20:08:39 debianservervbox sshd[3616]: Failed password for invalid user plcmspip from 85.37.38.220 port 60423 ssh2
Jan 22 20:08:39 debianservervbox sshd[3618]: Failed password for invalid user PlcmSpIp from 85.37.38.220 port 60593 ssh2
Jan 22 20:08:40 debianservervbox sshd[3620]: Invalid user domin from 85.37.38.220
Jan 22 20:08:40 debianservervbox sshd[3620]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:40 debianservervbox sshd[3620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:40 debianservervbox sshd[3622]: Invalid user db2inst1 from 85.37.38.220
Jan 22 20:08:40 debianservervbox sshd[3622]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:40 debianservervbox sshd[3622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:40 debianservervbox sshd[3624]: Invalid user plcmspip from 85.37.38.220
Jan 22 20:08:40 debianservervbox sshd[3624]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:40 debianservervbox sshd[3624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:42 debianservervbox sshd[3620]: Failed password for invalid user domin from 85.37.38.220 port 34579 ssh2
Jan 22 20:08:42 debianservervbox sshd[3622]: Failed password for invalid user db2inst1 from 85.37.38.220 port 34639 ssh2
Jan 22 20:08:42 debianservervbox sshd[3624]: Failed password for invalid user plcmspip from 85.37.38.220 port 34833 ssh2
Jan 22 20:08:42 debianservervbox sshd[3626]: Invalid user svn from 85.37.38.220
Jan 22 20:08:42 debianservervbox sshd[3626]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:42 debianservervbox sshd[3626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:43 debianservervbox sshd[3628]: Invalid user dasusr1 from 85.37.38.220
Jan 22 20:08:43 debianservervbox sshd[3628]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:43 debianservervbox sshd[3628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:43 debianservervbox sshd[3630]: Invalid user plcmspip from 85.37.38.220
Jan 22 20:08:43 debianservervbox sshd[3630]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:43 debianservervbox sshd[3630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:45 debianservervbox sshd[3628]: Failed password for invalid user dasusr1 from 85.37.38.220 port 36887 ssh2
Jan 22 20:08:45 debianservervbox sshd[3626]: Failed password for invalid user svn from 85.37.38.220 port 36811 ssh2
Jan 22 20:08:45 debianservervbox sshd[3630]: Failed password for invalid user plcmspip from 85.37.38.220 port 37005 ssh2
Jan 22 20:08:46 debianservervbox sshd[3633]: Invalid user ts from 85.37.38.220
Jan 22 20:08:46 debianservervbox sshd[3633]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:46 debianservervbox sshd[3633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:46 debianservervbox sshd[3635]: Invalid user test from 85.37.38.220
Jan 22 20:08:46 debianservervbox sshd[3635]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:46 debianservervbox sshd[3635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:46 debianservervbox sshd[3637]: Invalid user db2inst1 from 85.37.38.220
Jan 22 20:08:46 debianservervbox sshd[3637]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:46 debianservervbox sshd[3637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:48 debianservervbox sshd[3633]: Failed password for invalid user ts from 85.37.38.220 port 38253 ssh2
Jan 22 20:08:48 debianservervbox sshd[3635]: Failed password for invalid user test from 85.37.38.220 port 38285 ssh2
Jan 22 20:08:48 debianservervbox sshd[3637]: Failed password for invalid user db2inst1 from 85.37.38.220 port 38442 ssh2
Jan 22 20:08:48 debianservervbox sshd[3639]: Invalid user TeamSpeak from 85.37.38.220
Jan 22 20:08:48 debianservervbox sshd[3639]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:48 debianservervbox sshd[3639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:49 debianservervbox sshd[3641]: Invalid user test from 85.37.38.220
Jan 22 20:08:49 debianservervbox sshd[3641]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:49 debianservervbox sshd[3641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:49 debianservervbox sshd[3643]: Invalid user dasusr1 from 85.37.38.220
Jan 22 20:08:49 debianservervbox sshd[3643]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:49 debianservervbox sshd[3643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:51 debianservervbox sshd[3645]: Invalid user PlcmSpIp from 85.37.38.220
Jan 22 20:08:51 debianservervbox sshd[3645]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:51 debianservervbox sshd[3645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:51 debianservervbox sshd[3639]: Failed password for invalid user TeamSpeak from 85.37.38.220 port 40443 ssh2
Jan 22 20:08:51 debianservervbox sshd[3641]: Failed password for invalid user test from 85.37.38.220 port 40512 ssh2
Jan 22 20:08:51 debianservervbox sshd[3643]: Failed password for invalid user dasusr1 from 85.37.38.220 port 40683 ssh2
Jan 22 20:08:52 debianservervbox sshd[3647]: Invalid user cisco from 85.37.38.220
Jan 22 20:08:52 debianservervbox sshd[3647]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:52 debianservervbox sshd[3647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:52 debianservervbox sshd[3649]: Invalid user test from 85.37.38.220
Jan 22 20:08:52 debianservervbox sshd[3649]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:52 debianservervbox sshd[3649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:52 debianservervbox sshd[3651]: Invalid user ts from 85.37.38.220
Jan 22 20:08:52 debianservervbox sshd[3651]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:52 debianservervbox sshd[3651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:53 debianservervbox sshd[3645]: Failed password for invalid user PlcmSpIp from 85.37.38.220 port 41562 ssh2
Jan 22 20:08:53 debianservervbox sshd[3647]: Failed password for invalid user cisco from 85.37.38.220 port 42137 ssh2
Jan 22 20:08:54 debianservervbox sshd[3649]: Failed password for invalid user test from 85.37.38.220 port 43046 ssh2
Jan 22 20:08:54 debianservervbox sshd[3653]: Invalid user plcmspip from 85.37.38.220
Jan 22 20:08:54 debianservervbox sshd[3653]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:54 debianservervbox sshd[3653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:54 debianservervbox sshd[3651]: Failed password for invalid user ts from 85.37.38.220 port 43261 ssh2
Jan 22 20:08:54 debianservervbox sshd[3655]: Invalid user domin from 85.37.38.220
Jan 22 20:08:54 debianservervbox sshd[3655]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:54 debianservervbox sshd[3655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:55 debianservervbox sshd[3657]: Invalid user test from 85.37.38.220
Jan 22 20:08:55 debianservervbox sshd[3657]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:55 debianservervbox sshd[3657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:55 debianservervbox sshd[3659]: Invalid user TeamSpeak from 85.37.38.220
Jan 22 20:08:55 debianservervbox sshd[3659]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:55 debianservervbox sshd[3659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:56 debianservervbox sshd[3653]: Failed password for invalid user plcmspip from 85.37.38.220 port 44004 ssh2
Jan 22 20:08:56 debianservervbox sshd[3655]: Failed password for invalid user domin from 85.37.38.220 port 44215 ssh2
Jan 22 20:08:57 debianservervbox sshd[3657]: Failed password for invalid user test from 85.37.38.220 port 44374 ssh2
Jan 22 20:08:57 debianservervbox sshd[3661]: Invalid user plcmspip from 85.37.38.220
Jan 22 20:08:57 debianservervbox sshd[3661]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:57 debianservervbox sshd[3661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:57 debianservervbox sshd[3659]: Failed password for invalid user TeamSpeak from 85.37.38.220 port 44506 ssh2
Jan 22 20:08:57 debianservervbox sshd[3663]: Invalid user svn from 85.37.38.220
Jan 22 20:08:57 debianservervbox sshd[3663]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:57 debianservervbox sshd[3663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:58 debianservervbox sshd[3665]: Invalid user dream from 85.37.38.220
Jan 22 20:08:58 debianservervbox sshd[3665]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:58 debianservervbox sshd[3665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:58 debianservervbox sshd[3667]: Invalid user cisco from 85.37.38.220
Jan 22 20:08:58 debianservervbox sshd[3667]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:08:58 debianservervbox sshd[3667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:08:59 debianservervbox sshd[3661]: Failed password for invalid user plcmspip from 85.37.38.220 port 46244 ssh2
Jan 22 20:09:00 debianservervbox sshd[3665]: Failed password for invalid user dream from 85.37.38.220 port 46650 ssh2
Jan 22 20:09:00 debianservervbox sshd[3663]: Failed password for invalid user svn from 85.37.38.220 port 46453 ssh2
Jan 22 20:09:00 debianservervbox sshd[3667]: Failed password for invalid user cisco from 85.37.38.220 port 46764 ssh2
Jan 22 20:09:00 debianservervbox sshd[3669]: Invalid user db2inst1 from 85.37.38.220
Jan 22 20:09:00 debianservervbox sshd[3669]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:09:00 debianservervbox sshd[3669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:09:00 debianservervbox sshd[3671]: Invalid user suzuki from 85.37.38.220
Jan 22 20:09:00 debianservervbox sshd[3671]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:09:00 debianservervbox sshd[3671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:09:00 debianservervbox sshd[3673]: Invalid user test from 85.37.38.220
Jan 22 20:09:00 debianservervbox sshd[3673]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:09:00 debianservervbox sshd[3673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:09:01 debianservervbox sshd[3675]: Invalid user domin from 85.37.38.220
Jan 22 20:09:01 debianservervbox sshd[3675]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:09:01 debianservervbox sshd[3675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:09:02 debianservervbox sshd[3669]: Failed password for invalid user db2inst1 from 85.37.38.220 port 48633 ssh2
Jan 22 20:09:03 debianservervbox sshd[3671]: Failed password for invalid user suzuki from 85.37.38.220 port 48798 ssh2
Jan 22 20:09:03 debianservervbox sshd[3673]: Failed password for invalid user test from 85.37.38.220 port 48835 ssh2
Jan 22 20:09:03 debianservervbox sshd[3675]: Failed password for invalid user domin from 85.37.38.220 port 48954 ssh2
Jan 22 20:09:03 debianservervbox sshd[3677]: Invalid user dasusr1 from 85.37.38.220
Jan 22 20:09:03 debianservervbox sshd[3677]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:09:03 debianservervbox sshd[3677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:09:03 debianservervbox sshd[3679]: Invalid user radmin from 85.37.38.220
Jan 22 20:09:03 debianservervbox sshd[3679]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:09:03 debianservervbox sshd[3679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:09:04 debianservervbox sshd[3681]: Invalid user test from 85.37.38.220
Jan 22 20:09:04 debianservervbox sshd[3681]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:09:04 debianservervbox sshd[3681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:09:04 debianservervbox sshd[3683]: Invalid user svn from 85.37.38.220
Jan 22 20:09:04 debianservervbox sshd[3683]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:09:04 debianservervbox sshd[3683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:09:06 debianservervbox sshd[3677]: Failed password for invalid user dasusr1 from 85.37.38.220 port 50189 ssh2
Jan 22 20:09:06 debianservervbox sshd[3681]: Failed password for invalid user test from 85.37.38.220 port 51208 ssh2
Jan 22 20:09:06 debianservervbox sshd[3679]: Failed password for invalid user radmin from 85.37.38.220 port 51146 ssh2
Jan 22 20:09:06 debianservervbox sshd[3683]: Failed password for invalid user svn from 85.37.38.220 port 51376 ssh2
Jan 22 20:09:06 debianservervbox sshd[3685]: Invalid user ts from 85.37.38.220
Jan 22 20:09:06 debianservervbox sshd[3685]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 20:09:06 debianservervbox sshd[3685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host220-38-static.37-85-b.business.telecomitalia.it
Jan 22 20:09:07 debianservervbox sshd[3687]: Invalid user test from 85.37.38.220


All that said, it's what I said in the title... anything to turn off the tap on this guy? Apart from grabbing the IPs I've been attacked from and putting them in hosts.deny, which I'd have to do every time I got attacked... I'm not even asking to make the guy stop attacking me (though if that's possible, even better XD), but rather something so that he can't get in and get asked for the login.

Thanks in advance :3
Change the port, disable root login, use denyhosts so that what you're doing is done automatically, remove password authentication and use keys, etc.
Enable the firewall and allow connections to the ssh port only from the source IP you choose. If you don't need to get in from outside, allow connections only from your LAN.
Oh! And, as was said, disable root login.

Regards
I do need to get in from outside; in fact that's mainly what I have the server for.

Port changed, I hadn't thought of that... root access I already have disabled.

Denyhosts is good, I was looking for exactly something like that, something that blocks after x connections, thanks :3
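The "block after x failed connections" logic that tools such as DenyHosts and fail2ban apply to log lines like the ones in the first post, as an added example that is not part of the thread and is not either tool's own code. The sample lines are constructed, and the threshold, the time window and the year (syslog timestamps have none) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the auth.log format shown in the first post. Addresses
# come from documentation ranges. The last line carries a user name crafted to
# look like a second "from <ip>" field.
SAMPLE_LOG = """\
Jan 22 20:08:13 srv sshd[3595]: Failed password for invalid user PlcmSpIp from 203.0.113.7 port 42970 ssh2
Jan 22 20:08:14 srv sshd[3598]: Invalid user plcmspip from 203.0.113.7
Jan 22 20:08:16 srv sshd[3598]: Failed password for invalid user plcmspip from 203.0.113.7 port 45414 ssh2
Jan 22 20:08:19 srv sshd[3600]: Failed password for invalid user db2inst1 from 203.0.113.7 port 46896 ssh2
Jan 22 20:09:02 srv sshd[3702]: Failed password for alice from 198.51.100.20 port 50111 ssh2
Jan 22 20:15:40 srv sshd[3710]: Failed password for alice from 198.51.100.20 port 50333 ssh2
Jan 22 20:31:05 srv sshd[3720]: Failed password for alice from 198.51.100.20 port 50777 ssh2
Jan 22 20:32:00 srv sshd[3730]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 51000 ssh2
"""

# The user name is chosen by the client, so match the address at the END of the
# line: the greedy user group swallows any "from ..." text planted in the name.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)


def offenders(log_text, max_failures=5, window=timedelta(minutes=10), year=2000):
    """Map each source IP to the time it reached max_failures inside window.

    syslog timestamps carry no year, so `year` is an assumed placeholder.
    """
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue              # not an address: never feed it to a block list
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()        # forget failures older than the window
        if len(hits) >= max_failures:
            flagged.setdefault(ip, when)
    return flagged


def hosts_deny_lines(flagged):
    """Entries in the `daemon: client` form used by /etc/hosts.deny."""
    return [f"sshd: [{ip}]" if ":" in ip else f"sshd: {ip}"
            for ip in sorted(flagged)]


if __name__ == "__main__":
    for entry in hosts_deny_lines(offenders(SAMPLE_LOG, max_failures=3)):
        print(entry)
```

Three slow failures from 198.51.100.20 spread over 22 minutes stay under the threshold, and the planted `from 192.0.2.99` in the last line's user name is never treated as a source address.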
fail2ban, public/private key access, don't allow password login or root access, and you're all set :)
Changing the port is a bit silly... with a port scanner it's easy to see.
Regards!
If you're only going to connect from one city/country, IP filtering by geolocation can also be interesting.

If you're interested, you can find more information at http://www.securitybydefault.com/2010/0 ... ps-10.html and http://code.google.com/p/sbdtools/wiki/GeoIPS
e-Minguez wrote: [...] Changing the port is a bit silly... with a port scanner it's easy to see.
Regards!

I don't agree. A port scan takes TIME and RESOURCES that any botnet won't spend, since its aim is to find UNMAINTAINED servers so it can take control of them. The netbots look for the default ports and exploit them; they don't bother scanning your ports, since that's a SLOW task and in itself indicates that the administrator of that server has taken the trouble, and will probably notice the attack.

The best thing is to use your router as a modem and your server as a router, and use iptables for that. Most routers lock up at 4096 parallel connections, and you cause overflows, and depending on the model/manufacturer they leave doors open when that happens.

With iptables you can also make unwanted incoming packets "get lost" instead of being rejected, so the attacking side sees it as a "free" or unassigned IP and moves on. Home routers reject, so the attacking side can do a DDoS or know that someone is "listening" and therefore run SCANS.

As for SSH, you've already been told. Configure SSH on another port, have it deny the "root" user, not allow passwords, only signatures, and use any system that ignores unsolicited incoming connections (rather than rejecting them).
7 replies
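A check that an sshd_config actually ends up with the settings the replies recommend (non-default port, no root login, keys instead of passwords), as an added example that is not part of the thread. The two configurations are constructed, the defaults table assumes a current upstream OpenSSH, and `Include` files and `Match` blocks are not evaluated.

```python
# Upstream OpenSSH defaults for options the file does not set (assumed to match
# the installed version; confirm on the server with `sshd -T`).
DEFAULTS = {
    "port": "22",
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older configs use the deprecated name for keyboard-interactive logins.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed: the admin appended "PasswordAuthentication no" below an earlier
# "yes", and the Port line is still commented out.
WEAK = """\
#Port 22
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
"""

# Constructed: the thread's advice applied; 2222 is an arbitrary example port.
HARDENED = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
Match Address 192.168.0.0/16
    PasswordAuthentication yes
"""


def effective_settings(config_text):
    """Global options as sshd reads them: the FIRST value of a keyword wins."""
    seen, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"')
        if key == "match":
            break                      # conditional blocks are not global settings
        if key == "port":
            ports.append(value)        # Port may repeat; every one is opened
        else:
            seen.setdefault(key, value.lower())
    settings = {**DEFAULTS, **seen}
    settings["port"] = ports or [DEFAULTS["port"]]
    return settings


def audit(config_text):
    """Return {option: reason} for each deviation from the thread's advice."""
    s = effective_settings(config_text)
    findings = {}
    if "22" in s["port"]:
        findings["port"] = "still listening on the default port 22"
    if s["permitrootlogin"] != "no":
        findings["permitrootlogin"] = f"root login is '{s['permitrootlogin']}'"
    if s["passwordauthentication"] != "no":
        findings["passwordauthentication"] = "password logins are accepted"
    if s["kbdinteractiveauthentication"] != "no":
        findings["kbdinteractiveauthentication"] = (
            "keyboard-interactive (PAM) can still prompt for a password")
    if s["pubkeyauthentication"] != "yes":
        findings["pubkeyauthentication"] = "key logins are disabled"
    return findings


if __name__ == "__main__":
    for option, reason in audit(WEAK).items():
        print(f"{option}: {reason}")
```

On the weak file the later `PasswordAuthentication no` has no effect because the earlier `yes` is read first, and keyboard-interactive authentication remains a second route to a password prompt.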