For those into stealing SSH passwords and username: http://pentestmonkey.net/blog/sshd-snooping
OpenSSH usually listens on TCP port 22. However, there are some people who wish to change OpenSSH port to avoid brute-force bot attacks or to avoid from being blocked by restrictive firewall.
To change OpenSSH port, one only need to edit “/etc/ssh/sshd_config” file and change the port at “Port 22” to something else, like “Port 8080” or “Port 443”
#/etc/ssh/sshd_config # What ports, IPs and protocols we listen for Port 8080
Save, and restart ssh server.
sudo service ssh restart
Additionally you can also configure OpenSSH to listen to multiple port (usually to avoid restrictive firewall rules)
#/etc/ssh/sshd_config # What ports, IPs and protocols we listen for Port 22 Port 8080 Port 443
The example above shows a configuration which lets OpenSSH to listen to port 22, 443 (TLS/SSL) and port 8080 (HTTP-PROXY), these are the ports that usually unblocked by corporate firewall.
Don’t forget to restart ssh service as soon as you’ve save the file!!
In Ubuntu or Debian, a default OpenSSH server will display OpenSSH version alongside with Ubuntu/Debian distribution banner:
$ telnet repeater.my 172.16.91.20 22 Trying 172.16.91.20... Connected to 172.16.91.20. Escape character is '^]'. SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
You can hide the identifying part of Ubuntu-2ubuntu2 from the server banner by editing /etc/ssh/sshd_config file, and adding “DebianBanner no” either at the end of the file, or just under “Port 22” configuration in “/etc/ssh/sshd_config”
#/etc/ssh/sshd_config # What ports, IPs and protocols we listen for Port 22 DebianBanner no
Save and restart OpenSSH server by typing
sudo service ssh restart
Now the response will just be:
Trying 172.16.91.20... Connected to 172.16.91.20. Escape character is '^]'. SSH-2.0-OpenSSH_6.6.1p1
Further Reading: Ubuntu Server Administrator Reference
FastSSH.com is a provider for FreeSSH account, which can be use for secure tunneling account or to avoid from Firewall.
User has to select SSH account from a set of locations (refer to picture below), which has its own features and limited. (ie: some server offer protocol forwarding in UDP and TCP, while some impose limit on 500 connections/day).
Creating an account is as easy as filling the “Account Creation Form”, which does not require email. Account created through FastSSH is valid for SEVEN(7) days.
However, I personally do not use FastSSH as I’ve my own box, and relying on a 3rd party SSH provider for my tunneling needs would pose security concerns over sensitive data. You’ve been warned.
*FastSSH does not offer UNIX shell, instead it only offers SSH tunneling service. See Simple SSH Tunelling Tips and SSH port forwarding in Microsoft Windows for more information on SSH tunelling
SSH tunelling is usually used to avoid firewall restriction or to ensure point-to-point encrypted communication.
For example, if you want to send email to smtp server “smtp.yourserver.com” on port 587, but your organization currently blocking smtp port 25 and 587, then you can benefit from SSH tunelling to avoid from being blocked.
To get around that, you need an intermediate server, fastssh.com currently provide SSH tunneling service with 7days trial account.
Simple SSH tunnelling command, if you’re using fastssh.com service.
ssh -f firstname.lastname@example.org -L 2000:smtp.yourserver.com:587 -N
So in your mail setting, you can safely put, SMTP Server = “127.0.0.1”, SMTP port = “2000” in your setting, in order to automagically connect to “smtp.yourserver.com” port 587 without firewall restriction.
Please refer here, for port forwarding in Microsoft Windows environment using PuTTY
Secured Shell or SSH is a great way to enable a secure login for your UNIX / Linux Box. However there are precaution that you should take in order to properly secure SSH daemon from being scanned or attacked by script kiddies or automated bots.
This week I’m going to write a series of article on securing SSH on Ubuntu Linux Box (VPS) and I’m going to link to this post from time to time.
- Disable Root login, enable SSH login for a handful of users only
- Install and configure Fail2Ban
- Limit access with Firewall Rules (limit by ip block, or ip address)
- Limit connection rate to SSH port
- Disable keyboard interactive login, Use public-key login
- Security Security through obscurity: Hiding SSH version
- Security Security through obscurity: Change default SSH ports
Hope this will help in securing your Linux Box / Linux VPS