Warninig! Unknown login via SSH

[stern88]

Hi!

I didnt logged-in via SSH for a long time in my Fedora machine, and this was the welcome message:

Code: Select all

administrator@eletiomel:~$ ssh root@hda.home.lan Last login: Tue May 1 08:41:02 2012 from 02d991d1.bb.sky.com [root@hda ~]#

Maybe it is a good idea to install fail2ban per default on Amahi? At next it is maybe a good idea to warn the user. For example by posting a warning-message on the Amahi-Dashboard on the right side (at the "Latest News")

This is my secure-log:

http://fpaste.org/ZSuW/

[bigfoot65]

Interesting. So I take it you have your HDA exposed via port forward?

[stern88]

Interesting. So I take it you have your HDA exposed via port forward?

Hmm.... yes. It was allowed to login in my root-account with a password

And i forwarded port 22 to my HDA

But now its only possible to login with public keys:

Code: Select all

PasswordAuthentication no UsePAM no

However, its my idea to let the user know if there is someone trying to login via ssh. Not everyone checks the logs (like secure) regulary.

Mybe its possible to install fail2ban per default and to post a message on the HDA-wall in case there are frequent failed logins?

[bigfoot65]

Not sure if that solution is doable by default. Recommend you file a feature request in the bug tracker.

We might be able to add something as an app, but incorporating it in the actual HDA may not be the best answer. Not everyone exposes port 22 to the internet. For those who do, maybe there needs to be a disclaimer somewhere in guidance that details the risk. Obviously folks have to know that anytime you expose your network to the internet, there are risks. I believe we do mention that in wiki guidance.

Ideally it would be nice if we could incorporate a lot of security measures by default, but not sure that can be easily done. Maybe we can find some web app that can serve this purpose.