Topic: Two concurrent SSH connections

[smeerbartje]

Hi,

I have a SME server 7.3 installed with remote access allowed from the internet. I also have installed the contrib SME7ADMIN, which is great! However yesterday I received an "alert" which told me that two concurrent SSH connections were opened. Also have a look at the following screenshot. Now my question is: how can I see in the logfiles (which file??) what IP address did connect to the server via SSH?

[e[nt]e]

In the server-manager "View log files" then choose sshd with the appropriate date or shhd/current if it was just yesterday. Then click the "Next" Button in the lower right corner.

JFYI: You will be shown the log files in /var/log/sshd/

[Stefano]

just remember that if a user opens 2 instances of a ssh client (for example putty), you've got 2 active connections..

Ciao
Stefano

[smeerbartje]

just remember that if a user opens 2 instances of a ssh client (for example putty), you've got 2 active connections..

Ciao
Stefano

Indeed, thanks for the replies. I found out it was myself

But a lot of people try to connect to my SSH deamon, just by entering random passwords. Is it possible to install a contrib or whatsoever to black a certain IP address for alll incoming traffic? I already found this page, but I would appreciate a new tab in the server manager which enables me to manage blocked IP addresses.

[Jáder]

Hi
That should be another thread (or a search-before-thread)... anyways:
You could switch to key authentication to do login... do not use keys... so if root (and any other account) isn´t allowed to login using passwords, all those random passwords attacks will die at front door.

Search here and howto about how to change to key authentication on ssh.

[Daniel B.]

denyhosts is what you're looking for

Code: [Select]

yum --enablerepo=smecontribs install smeserver-denyhostsIt will block hosts which fails too many authentications on your ssh server.

[Stefano]

Hi..

if you wish to continue to use password for ssh auth, you could simply change ssh port

ciao
Stefano

P.S. this is not a security improvement, it simply reduce bots' attacks

[smeerbartje]

I just installed SSH Denyhosts and it's working great! Exactly what I want. I still have one question thouh. Is it possible to remove an ip-address from the blocked list?