When I set up my RedHat AS4 Linux server and connected it to the Internet, I soon saw in my logs that there were unauthorized people trying to log in all day long. For the most part these attempted logins were from hacking scripts whose job is to try various common usernames and passwords until they find a combination that works. Frequently I would see entries in my /var/log/messages file that look like:
Apr 8 14:52:34 as1 sshd(pam_unix)[8217]: check pass; user unknown
Apr 8 14:52:34 as1 sshd(pam_unix)[8217]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=111.111.111.111
While these scripts were never able to log in, I did not like the fact that they were able to try so easily.
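To see how many of these attempts each source is making, the pam_unix entries above can be tallied per rhost. The following Python is an added example, not part of the original post; the function names, the threshold and the sample log (built in the same format, using documentation-range addresses) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format shown above; addresses are documentation ranges.
SAMPLE_LOG = """\
Apr 8 14:52:34 as1 sshd(pam_unix)[8217]: check pass; user unknown
Apr 8 14:52:34 as1 sshd(pam_unix)[8217]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10
Apr 8 14:52:37 as1 sshd(pam_unix)[8219]: check pass; user unknown
Apr 8 14:52:37 as1 sshd(pam_unix)[8219]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10
Apr 8 14:52:41 as1 sshd(pam_unix)[8223]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10  user=root
Apr 8 15:10:02 as1 sshd(pam_unix)[8301]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=198.51.100.7  user=alice
Apr 8 15:10:09 as1 sshd(pam_unix)[8301]: session opened for user alice by (uid=0)
"""

LINE = re.compile(r"sshd\(pam_unix\)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RHOST = re.compile(r"\brhost=(?P<rhost>\S+)")

def summarize_failures(text):
    """Return {rhost: {"failures": n, "unknown_user": n}} for sshd pam_unix lines."""
    unknown_pids = set()  # PIDs that logged "user unknown" and await their failure line
    stats = defaultdict(lambda: {"failures": 0, "unknown_user": 0})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        if msg.startswith("check pass; user unknown"):
            unknown_pids.add(pid)
        elif msg.startswith("authentication failure;"):
            host = RHOST.search(msg)
            if not host:  # empty rhost= field: not a remote attempt
                continue
            entry = stats[host.group("rhost")]
            entry["failures"] += 1
            if pid in unknown_pids:  # same sshd process guessed a nonexistent user
                entry["unknown_user"] += 1
                unknown_pids.discard(pid)  # PIDs get reused, so forget it
    return dict(stats)

def noisy_sources(text, threshold=3):
    """Hosts with at least `threshold` failed attempts, busiest first."""
    stats = summarize_failures(text)
    hits = [(h, s["failures"]) for h, s in stats.items() if s["failures"] >= threshold]
    return sorted(hits, key=lambda item: -item[1])

if __name__ == "__main__":
    for host, count in noisy_sources(SAMPLE_LOG):
        print(f"{host}: {count} failed SSH logins")
```

A high share of "user unknown" failures from one address is typical of the username-guessing scripts described above, while a single failure followed by "session opened" usually means a mistyped password.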
My solution to stopping these hacking scripts from trying to log in to my server was to just change the port that SSH listens on. It’s simply security through obscurity. I’m not here to argue about whether this will totally protect my server or not since I know there are multiple sides to the argument. You’ll find people who will suggest that I use public/private keys, firewalls, and VPNs, and for an environment housing sensitive data I do agree with this. However, for my home server I was unwilling to spend any money. I wanted a solution that stopped my problem and took less than 5 minutes of effort.
Here’s how I did it on RedHat AS 4.