SSH attacks – MOVE YOUR PORT #

Image result for ssh hackSo when we first set-up our remote linux logins, we used the standard SSH port # (22).  We use public keys for our SSH logins, so we weren’t especially worried about port scanners and bot attacks,

But it’s a funny thing going over your logs and seeing remote systems (with IP addresses that trace back to China and Russia, if that means anything) that are trying to login, even though we know for certain there are NO AUTHORIZED USERS at IP locations listed.  The logins fail, but even so…

So, some time ago, we moved to a different SSH port.  It’s not hard – just go to your ssh_config file and pick another unused port.  We have seen people pick ‘222’ and ‘2222’ and even ‘22222’ because, well, they associate ‘2’ with SSH.  We picked different numbers (and that’s all we are going to say on the subject).  Since that time (many months ago), we have not seen a SINGLE ssh login hack.  Not one.  Such a remarkable outcome was not expected.  Even today, going through two log files for our /var/log/auth.log, the only odd IP address we noted was actually from one of our approved mobile devices that was roaming in Europe (so that was not an issue).

It seems hackers are sometimes lazy.  They run a  port-scan of web sites starting presumably at port 22 and working from there.

We like that.  We hope that never changes.

What it tells us is…CHANGE YOUR SSH PORT # FROM 22 to <some-other-number> on any new Linux install.  Do not use port 22 unless you enjoy seeing a log entry of someone try to hack your server.

Enjoy your weekend, and if you adopt our suggestion, you might better enjoy reviewing your log files!  🙂

Simple Folder copy using rsync over ssh

So sometimes you have a folder on one machine that you just need on another one.

We are GREAT FANS of ssh, and we think it’s a perfect secure tunnel for performing such operations.  So the question asked was how do you synchronise /path/to/folder  on the local machine to a remote machine using:

  1. Linux Ubuntu
  2. SSH
  3. A private SSH keyfile
  4. Over a non-standard SSH port

Well, since this linux, it’s actually rather boringly easy:

rsync -r -a -v -e 'ssh -p12345 -i .ssh/rsa-keyfile' /path/to/folder [email protected]:/home/username/path/to

This copies (if necessarily CREATING) ‘folder’ on the local machine to our remote one.  There are however some very important details.

Do NOT add a training ‘/’ to the paths if you want rsync to automatically create the directories.  So use this:

/path/to/folder   [email protected]:/home/uname/path/to

Not this:

/path/to/folder/   [email protected]:/home/uname/path/to/

The latter copies the files (and sub-directories) in /path/to/folder, whereas the former copies the folder, its contents and all its sub-directories, and thus creates the directory ‘folder’ at the remote machine if it does not exist.

Happy rsync’ing