changing default port number for ssh

Posted: 07 May 2009, 10:40
by Rick
I'm using ssh to access my bubba two, and it will not let me save a revised ssh_config file in the /etc/ssh directory.

I am using super user (root login) and have attempted to change the default file permissions for the /etc/ssh directory and these attempts too have been blocked.

What do I need to do to save a ssh_config file with the parameters I wish to use, please?

I get non-stop hacking attempts if I leave port 22 open! It seems to be one of the most hacked ports on the net.

TIA

Posted: 08 May 2009, 10:25
by novis
I think it's sshd_config you need to change

Posted: 08 May 2009, 12:47
by Rick
novis wrote: I think it's sshd_config you need to change
Thanks - but I still have the same problem with write access to the sshd_config file. I have made myself root - but the file won't copy over from my pc to the Bubba two.

I can copy the same file without a problem using the same set-up to another directory e.g. /home/storage/Docs. This has 777 permission mode - ie read and write for owner, group and other. The directory I am trying to copy the file to has 755 permission mode - ie write permissions denied for group and other.

As root, I would assume that I am owner anyway. I can't change the permissions either!

It seems to me that this version of Linux (Debian) must have some other master level permissions that are preventing me access to these files.

Anyone with any clues please?

Thanks

Posted: 09 May 2009, 12:53
by Eek
Hi
I don't really understand your problem
you login to the bubba2 using ssh or putty

su -
cd /etc/ssh
vi sshd_config
and change
Port 22
into
Port 9999 (for example)
this does not work?
cheers
Eek

Posted: 09 May 2009, 14:29
by Rick
Eek wrote: Hi
I don't really understand your problem
you login to the bubba2 using ssh or putty

su -
cd /etc/ssh
vi sshd_config
and change
Port 22
into
Port 9999 (for example)
this does not work?
cheers
Eek
I've just tried that using ssh client, and it just displays the contents of the file I would like to amend. It appears to me to be simply a display of the file contents - how does one amend the port 22 line item to port 12345?

Thanks for the input - I have no problem changing the port in Suse or Mandrake running on a PC using my ssh client. However it doesn't work with bubba/Debian for some reason....

It seems to me that Bubba would be far more secure if the default box was shipped with a high port number for ssh - with appropriate notification in the set-up guide. This would eliminate 99%+ of ssh hacking attempts. I don't think it matters if every Bubba Two ships with the same non-standard port - most hackers seem to be dumb and just working to a "formula".

Most of them seem to be in China, and they are attempting brute force attacks with totally dumb user ID and password combinations - it just annoys me to see the router LED flashing all the time:-) I know that changing port 22 would stop it - but how does one do this in bubba-land ????

Rick

Posted: 09 May 2009, 15:42
by Eek
I just tried mine
su -
vi /etc/ssh/sshd_config
change Port 22 into Port 12345
:wq
/etc/init.d/ssh restart

Now I can connect on ssh port 12345

cheers
Eek

Posted: 10 May 2009, 08:14
by Rick
Eek wrote: I just tried mine
su -
vi /etc/ssh/sshd_config
change Port 22 into Port 12345
:wq
/etc/init.d/ssh restart

Now I can connect on ssh port 12345

cheers
Eek
I have tried that. It doesn't work.

My problem is that when VI opens this file, it seems to be in read only mode. I can't edit it! (I haven't used any switches to make it read only). Which is consistent with the problem I am having copying an edited sshd_config file to the directory. It refuses to copy the file.

There must be some other master security file that is preventing SU from modifying files in this directory in my configuration.

ciao

Rick

Posted: 10 May 2009, 08:55
by Eek
can you do a ls -l /etc/ssh/*
and try doing a :w!

Posted: 15 May 2009, 12:54
by Rick
Eek wrote: can you do a ls -l /etc/ssh/*
and try doing a :w!
I get:

bubba:/home/ssh1# ls -l /etc/ssh/*
-rw-r--r-- 1 root root 2064867 2008-05-13 16:22 /etc/ssh/blacklist.DSA-1024
-rw-r--r-- 1 root root 2064867 2008-05-13 16:22 /etc/ssh/blacklist.RSA-2048
-rw-r--r-- 1 root root 132777 2008-07-21 14:40 /etc/ssh/moduli
-rw-r--r-- 1 root root 1424 2008-07-21 14:40 /etc/ssh/ssh_config
-rw-r--r-- 1 root root 1887 2008-09-23 15:16 /etc/ssh/sshd_config
-rw------- 1 root root 668 2008-09-23 15:16 /etc/ssh/ssh_host_dsa_key
-rw-r--r-- 1 root root 596 2008-09-23 15:16 /etc/ssh/ssh_host_dsa_key.pub
-rw------- 1 root root 1675 2008-09-23 15:16 /etc/ssh/ssh_host_rsa_key
-rw-r--r-- 1 root root 392 2008-09-23 15:16 /etc/ssh/ssh_host_rsa_key.pub
bubba:/home/ssh1# :w!
bash: :w!: command not found
bubba:/home/ssh1# :w!
bash: :w!: command not found
bubba:/home/ssh1#


Not sure if I understand the :w! command

Rick

Posted: 15 May 2009, 13:10
by Eek
verify you are root

id
this should give:
uid=0(root) gid=0(root) groups=0(root)
maybe you should use nano instead of vi

nano /etc/ssh/sshd_config
change the port number and save the file

cheers
Eek

Posted: 19 May 2009, 01:30
by pa
I think that this might be a 'vi' issue. If you are not used to 'vi', try using an editor that is a bit more "user friendly", such as 'nano'.

su
nano /etc/ssh/sshd_config

/etc/init.d/ssh restart
/PA
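
The port change discussed in this thread can also be made without an interactive editor. The script below is an added example, not part of any post above: `set_sshd_port` is a hypothetical helper name, and the demo runs on a constructed sample file rather than the real /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: set the sshd listening port in a config file, keeping a backup.
# set_sshd_port is a hypothetical helper, not a Debian or Bubba tool.
set_sshd_port() {
    cfg=$1; port=$2
    # Accept only 1..65535 written as plain digits (no sign, no leading zero).
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 2; }
    # Fail early if the current user cannot write the file.
    [ -w "$cfg" ] || { echo "cannot write $cfg (does 'id' show uid=0?)" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    awk -v p="$port" '
        # Active Port lines (keyword is case-insensitive): keep one, drop extras.
        /^[ \t]*[Pp][Oo][Rr][Tt][ \t]+[0-9]+[ \t]*$/ {
            if (!seen++) out[++n] = "Port " p
            next
        }
        { out[++n] = $0 }
        END {
            # No active Port line: add one at the top, ahead of any Match block.
            if (!seen) print "Port " p
            for (i = 1; i <= n; i++) print out[i]
        }' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$cfg"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample, not the real /etc/ssh/sshd_config.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'Protocol 2' > "$sample"
set_sshd_port "$sample" 12345 && grep -n '^Port' "$sample"
rm -f "$sample" "$sample.bak"
```

On the real file, run `sshd -t` to check the syntax before `/etc/init.d/ssh restart`, and keep the current session open until a login on the new port has succeeded.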