
View full version : HOW-TO OpenSSH server and DenyHosts



wpte
09-12-2008, 19:55
WARNING:
This how-to is currently NOT working.
I'm sorry to disappoint everyone, but it seems to be a problem with denyhosts, which is an old version.
I'll try to come up with the newest versions of both programs with the right configuration parameters.
Thanks


You may find this how-to also on my own site: http://wpte.kicks-ass.net/forum/viewthread.php?thread_id=5

Everybody knows that you get attacked if you open up your ssh connection to the world.
Since these attacks are really annoying, and keep using your router, you can block them out with OpenSSH and DenyHosts!



Preparation
First you need to prepare your router for the new installation.
You most likely have dropbear installed, which does the same thing as openssh, but is not as configurable as openssh.
First of all, make sure you have Telnet ACTIVATED in the webadmin, so you can properly install openssh and denyhosts.

Now you can remove dropbear from the startup list:

vi /usr/local/sbin/post-boot
and remove the text

dropbear
save the file

now save the settings:

flashfs save && flashfs commit && flashfs enable && reboot



Installing OpenSSH and DenyHosts
(reminder: you don't have an ssh server now, so use TELNET to login)
just type in:

ipkg update
ipkg upgrade
ipkg install openssh denyhosts

Now you most likely will see some error messages popping up from denyhosts; don't worry, we will fix that soon!
You will also notice that openssh directly creates keys for a safe data transmission between client and server.




Editing the Configuration files
first openssh:

vi /opt/etc/openssh/sshd_config
In order of appearance:

port 22
MaxAuthTries 3
MaxSessions 5
This makes sure that you cannot open up more than 5 connections (screens) at once from 1 IP,
and will give you 3 tries to login; if you fail 3 times, you need to restart putty.
These settings will most likely already give any hacker a harder time.



second DenyHosts:

vi /opt/etc/denyhosts.cfg
The only thing you have to change here is this:

# Optware:
SECURE_LOG = /tmp/syslog.log


IF however you have logrotate installed, you will need to change it to this:

vi /opt/etc/denyhosts.cfg
The only thing you have to change here is this:

# Optware:
SECURE_LOG = /opt/var/log/syslog.log





Restart
Before we're ready to restart, please execute this again:

ipkg upgrade

Now you will notice that it will configure denyhosts, and no errors will show up anymore...
If it still does, you haven't configured the logfile location properly!

if everything is ok, you can try to restart and check your fresh ssh server out!

reboot
note that putty will give a warning, because there are new ssh certificates on your server.
you can also turn telnet off if you want.

Good luck!:)
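An added example (my own, not part of wpte's post or of the DenyHosts project), showing in miniature what DenyHosts does with the SECURE_LOG file configured above: scan the syslog for sshd "Failed password" lines, count them per source IP, and emit /etc/hosts.deny entries for addresses at or above a threshold. The log lines, the threshold and the whitelisted address are constructed for the example; the dropbear line is included to show why the log must contain OpenSSH's own messages.

```python
import re
from collections import Counter

# The classic OpenSSH failure line DenyHosts looks for in the syslog.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2"
)

# Constructed sample of what /tmp/syslog.log (SECURE_LOG) might contain.
SAMPLE_SYSLOG = """\
Dec  9 19:55:01 router sshd[1201]: Accepted publickey for admin from 192.168.1.10 port 51022 ssh2
Dec  9 19:55:10 router sshd[1204]: Failed password for invalid user oracle from 203.0.113.5 port 40101 ssh2
Dec  9 19:55:12 router sshd[1204]: Failed password for invalid user oracle from 203.0.113.5 port 40101 ssh2
Dec  9 19:55:14 router sshd[1204]: Failed password for invalid user oracle from 203.0.113.5 port 40101 ssh2
Dec  9 19:55:20 router sshd[1209]: Failed password for root from 203.0.113.5 port 40122 ssh2
Dec  9 19:56:02 router sshd[1215]: Failed password for admin from 192.168.1.10 port 51040 ssh2
Dec  9 19:56:30 router dropbear[900]: Bad password attempt for 'root' from 198.51.100.7:4321
"""


def count_failures(log_text):
    """Return {ip: failed_login_count} for the sshd failures found in log_text.
    Lines from other daemons (e.g. dropbear) do not match and are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def hosts_deny_entries(log_text, threshold=3, whitelist=("192.168.1.10",)):
    """Build /etc/hosts.deny lines ('sshd: <ip>') for IPs at or above threshold.
    The whitelist plays the role of DenyHosts' allowed-hosts file, so that a
    mistyped password from the LAN does not lock out the administrator.
    Threshold and whitelist values here are assumptions for the example."""
    counts = count_failures(log_text)
    return sorted(
        f"sshd: {ip}" for ip, n in counts.items()
        if n >= threshold and ip not in whitelist
    )


if __name__ == "__main__":
    print(dict(count_failures(SAMPLE_SYSLOG)))
    print("\n".join(hosts_deny_entries(SAMPLE_SYSLOG)))
```

If SECURE_LOG points at a file sshd does not actually write to (the logrotate case above), count_failures simply finds nothing, which is exactly the silent failure the how-to warns about.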

gli
20-02-2009, 21:53
Just to help others, who want to use your code :)
s/uprade/upgrade/

wpte
21-02-2009, 22:14
Just to help others, who want to use your code :)
s/uprade/upgrade/

lol, thanks for the correction

I still have to go through all the deny host code (the new version) because it's not really good to install to a specific location:p

really need to spend some time on that soon;)

but is this actually working for you? because i didn't have any good result