command utk find out connection port mana pc aku guna
ns003:~# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 17829 root 4u IPv6 12689530 UDP *:34327
named 17829 root 6u IPv4 12689531 UDP *:34329
named 17829 root 20u IPv4 12689526 UDP ns003.unternet.net:domain
named 17829 root 21u IPv4 12689527 TCP ns003.unternet.net:domain (LISTEN)
named 17829 root 22u IPv4 12689528 UDP 209.40.205.146:domain
named 17829 root 23u IPv4 12689529 TCP 209.40.205.146:domain (LISTEN)
lighttpd 17841 www-data 4u IPv4 12689564 TCP *:www (LISTEN)
sshd 17860 root 3u IPv6 12689580 TCP *:ssh (LISTEN)
sshd 17880 root 3u IPv6 12689629 TCP *:8899 (LISTEN)
sshd 30435 root 4u IPv6 74368139 TCP 209.40.205.146:8899->dsl-189-130-12-20.prod-infinitum.com.mx:3262 (ESTABLISHED)
Don't allow root logins on your primary sshd port 22 (set PermitRootLogin to "no"); many automated tools run brute-force attacks on that. Set up a secondary port for root access that only works by shared keys, disallowing passwords: Copy the sshd_config file to root_sshd_config, and change the following items in the new file:
- Port from 22 to some other number, say 8899 (don't use this! make up your own!)
- PermitRootLogin from "no" (you were supposed to set it to "no" for port 22, remember?) to "yes"
- AllowUsers root add this line, or if it exists, change it to allow only root logins on this port
- ChallengeResponseAuthentication no uncomment this line if it's commented out, and make sure it says "no" instead of "yes"
test command ni
sshd -D -f /etc/ssh/root_sshd_config
and see if it works correctly -- try logging in from another computer (you must have already set up shared-key authentication between the two computers) using:
ssh -p8899 root@my.remote.server
and if so, control-C at the above (sshd) command to stop the sshd daemon, then add this to the end of /etc/inittab:
rssh:2345:respawn:sshd -D -f /etc/ssh/root_sshd_config
- Restart the init task: # init q This will run your "root ssh daemon" as a background task, automatically restarting it in case of failure.
