Jump to content
XPEnology Community

Brute force ssh attacks

Soorma

By Soorma
in Archives

 Share

Recommended Posts

Soorma Newbie

Soorma

Posted
  • Author
Posted
Any computer connected to the net is going to see attacks.

 

Me personally I don't have anything accessable to the net...

 

my firewall , cctv camera server & Diskstation 212+ also has open ssh port but attack was only going to Xpenology box ip. i did has default mac address / SN# but i changed it last night.

Link to comment
Share on other sites
Soorma Newbie

Soorma

Posted
  • Author
Posted
Any computer connected to the net is going to see attacks.

 

Me personally I don't have anything accessable to the net...

 

my firewall , cctv camera server & Diskstation 212+ also has open ssh port but attack was only going to Xpenology box ip. i did has default mac address / SN# but i changed it last night.

Link to comment
Share on other sites
fgullama Newbie

fgullama

Posted
Posted

I set my MAC address to native for my card and randomized the other three dummy MACs. I also changed the SSH port as well. That stopped everything for a couple of weeks, but I did see some fresh some IP blocks yesterday in my logs (I block after five failed attempts)... Definitely changing to a non default port cut way way down on the attacks though.

 

Frank

Link to comment
Share on other sites
fgullama Newbie

fgullama

Posted
Posted

I set my MAC address to native for my card and randomized the other three dummy MACs. I also changed the SSH port as well. That stopped everything for a couple of weeks, but I did see some fresh some IP blocks yesterday in my logs (I block after five failed attempts)... Definitely changing to a non default port cut way way down on the attacks though.

 

Frank

Link to comment
Share on other sites
  • 2 months later...
shackwove Junior Member

shackwove

Posted
Posted

For an added layer you can forward a port in your router to your SSH port on DSM.

 

Your router's config would look like this :

 

External port : 35775

Internal port : 22

 

now you only have to connect to it using ssh -p 35775 user@ip

 

You can also disable the ability to ssh as root, this is common practice to any ssh box, you can then login as say "admin" and then switch to root if you have to. DSM is particular tho and we have to change something first or we won't be able to switch user afterwards.

 

1. Login as ssh root@dsm
2. Change permissions on /bin/su with chmod a+s /bin/su
3. Try it, login with ssh admin@dsm
4. Type su
5. Enter password and type whoami  < this should return "root"
6. Disable root login in /etc/ssh/sshd_config 
as root user do vi /etc/ssh/sshd_config
locate the line that says #PermitRootLogin yes
Press insert and edit it so it looks like "PermitRootLogin no"
Press escape and type ":wq" and press enter
7. In the web GUI, Control Panel > Terminal > Disable SSH and apply > Enable SSH and apply
8. Try to connect as root, it shouldn't let you anymore, so connect as admin

 

That's it, nobody can longer connect to your DSM as root but you still have root capabilities!

 

 

 

 

 

Place your cursor over this line

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...