boot logs shows chinese ip trying to login ssh
#1
My boot logs show chinese ip, anyway to prevent this?

I am using lastest ayufan's image
Code:
root@rock64:~# uname -a
Linux rock64 4.4.126-rockchip-ayufan-239 #1 SMP Sun May 27 18:38:24 UTC 2018 aarch64 GNU/Linux
root@rock64:~#



[Image: X7UEpXC.png]

[Image: GcmM8jX.png]
#2
I would recommend not running sshd on a public IP address unless there is some reason you need to log in remotely. The most secure way is to put the machine behind a firewall.

or if you have multiple network interfaces, you can tell sshd only to listen on the internal one. You can also tell sshd not to allow root to log in over ssh. You can also tell sshd to listen on a different port than 22, this will cut down on login attempts but not eliminate them. All of these things can be done by editing /etc/ssh/sshd_config.

Another thing you can do is configure sshd to authenticate using RSA encryption keys instead of passwords (you have to generate the keys first and distribute them to any machine(s) you want to connect from).

Here's an article with some good tips on securing your SSH: https://www.cyberciti.biz/tips/linux-uni...tices.html
#3
(05-31-2018, 01:28 PM)psychedup Wrote: I would recommend not running sshd on a public IP address unless there is some reason you need to log in remotely. The most secure way is to put the machine behind a firewall.

or if you have multiple network interfaces, you can tell sshd only to listen on the internal one. You can also tell sshd not to allow root to log in over ssh. You can also tell sshd to listen on a different port than 22, this will cut down on login attempts but not eliminate them. All of these things can be done by editing /etc/ssh/sshd_config.

Another thing you can do is configure sshd to authenticate using RSA encryption keys instead of passwords (you have to generate the keys first and distribute them to any machine(s) you want to connect from).

Here's an article with some good tips on securing your SSH: https://www.cyberciti.biz/tips/linux-uni...tices.html

Thanks @psychedup,

I disabled root, and change port, and it helped.
#4
(05-31-2018, 01:28 PM)psychedup Wrote: I would recommend not running sshd on a public IP address unless there is some reason you need to log in remotely. The most secure way is to put the machine behind a firewall.

Or at least use SSH keys
#5
(05-31-2018, 04:24 PM)evilbunny Wrote:
(05-31-2018, 01:28 PM)psychedup Wrote: I would recommend not running sshd on a public IP address unless there is some reason you need to log in remotely. The most secure way is to put the machine behind a firewall.

Or at least use SSH keys

I third that suggestion. Generate RSA keys and disable password login, as well as preventing root login via ssh.
#6
Have you any periphals like cameras attached. They're notorious for calling back home. You did a reverse lookup so you know the source. Hackers haven.
#7
(06-01-2018, 08:25 AM)Rocklobster Wrote: Have you any periphals like cameras attached. They're notorious for calling back home. You did a reverse lookup so you know the source. Hackers haven.

This true in Windows where cheap no-name imported devices often require installation of unsigned suspect drivers.   It should NOT happen in Linux with vetted opensource drivers.

But your observation that this may have happened because the Rock64 "phoned home" is probably right on track, because in my experience, most of the time, an attack like this is not due to random port scanning, but is rather a targeted attempt to compromise a machine where some kind of embeded malware has pinged back to the mothership.

If the original poster had been foolish enough to have not reset the root password BEFORE connecting to the internet (as many are) then the Rock64 would have immediately been compromised and become a vector to attempt to compromise EVERY OTHER MACHINE ON THE LOCAL NETWORK.

This is serious stuff.  Someone should setup up a dummy honeypot network with some old PC's with names like DARPA_370 and LAB_04, then hook a fresh Rock64 up through a logging router or access point and see if it starts to sniff around and then tries to "phone home".


Possibly Related Threads…
Thread Author Replies Views Last Post
  Rock64 won't boot luminosity7 10 6,316 03-16-2024, 08:33 AM
Last Post: dmitrymyadzelets
  Rock64 doesn't boot dstallmo 1 807 03-16-2024, 08:29 AM
Last Post: dmitrymyadzelets
  Boot from SPI first mjnck 1 2,008 02-29-2024, 02:12 PM
Last Post: reukiodo
  ROCK64 v3 can it boot from USB? Tsagualsa 4 3,106 11-29-2022, 11:31 AM
Last Post: Macgyver
  Rock64 u-boot for eMMC Build Error mexicanflyer 0 1,444 09-18-2022, 02:29 PM
Last Post: mexicanflyer
  boot hdd usb3 philipe 1 3,106 01-27-2021, 02:12 PM
Last Post: tllim
  Libreelec Rock64 - 4GB no boot spiker15 3 5,374 11-02-2020, 12:36 AM
Last Post: wilsonYan
  Rock64 - boot helpmerock 2 4,075 10-08-2020, 01:29 PM
Last Post: helpmerock
  No boot up after power on Whoopsadaisy 4 6,487 09-26-2020, 05:14 PM
Last Post: simonsouth
Bug u-boot (forks) status mcerveny 14 17,778 08-27-2020, 01:44 PM
Last Post: globaltree

Forum Jump:


Users browsing this thread: 1 Guest(s)