ssh via webmin.

jameswilson
Posts: 5111
Joined: Wed Jun 08, 2005 8:07 pm
Location: Midlands UK

Post by jameswilson »

I have a system with a couple of ports open on the web but not 22. I would like to use ssh to 'talk' to the box but whenever I open 22 I keep getting dictionary attacks on the machine.

I have noticed there are a couple of webmin modules for ssh access and wondered if anyone knew how to configure these to use the webmin port alone?

Cheers

James
James Wilson

Disclaimer: The above is pure theory and may work on a good day with the wind behind it. etc etc.
http://www.securitywarehouse.co.uk
cordel
Posts: 5210
Joined: Fri Mar 05, 2004 4:47 pm
Location: /USA/Washington/Seattle

Post by cordel »

Hi James,
Your best bet is to change the ssh port to a nonstandard port in ssh.conf, then in webmin you can check the "module config" tab and set the port to the same port you configured in ssh.conf. Of course you can do all this through webmin as well by going to "servers" -> "ssh server" -> "networking" and setting the port for the server, then set the module to the same setting in "others" -> "ssh/telnet" -> "module config" -> "Port to connect to:"

cheers,
Corey
zoneminder
Site Admin
Posts: 5215
Joined: Wed Jul 09, 2003 2:07 pm
Location: Bristol, UK

Post by zoneminder »

I second that. Never leave ssh on port 22, it's just too much hassle. Checks zm.com for ssh on 22
Phil

Post by jameswilson »

I see, never leave anything on default port numbers.

The problem is I.T. have opened 80, 443 and 10000 for me but won't open any more, so I was hoping that webmin could connect to ssh via the 10000 as I cannot open any more ports.
James Wilson

Post by zoneminder »

You can tunnel ssh over http I think but I wouldn't recommend it. Is there a reason why you can't get port 6376 for instance opened? Can you not tell IT who's the boss?
Phil

Post by jameswilson »

It's not my I.T. department so I doubt that would go down too well lol.

Most of the time I don't need it as I can do everything from webmin normally but I really miss top and seeing what the processors are up to live.

If it's too hard I will give up I think. I use PuTTY on the LAN a treat.
James Wilson

Post by zoneminder »

I know it's not quite the same but you can use top -n 1 -b via the execute command function of webmin. I'm surprised that you managed to get port 10000 opened up but not one for ssh. The other alternative is configuring ssh to also run on port 10000 and remembering to switch sshd and webmin on and off appropriately. It's a bit risky though in case you forget and log yourself out.
Phil
rdmelin
Posts: 863
Joined: Wed Oct 29, 2003 2:23 pm
Location: Ellensburg, WA USA

Post by rdmelin »

Hi all,

To deal with this type of attack I use DenyHosts

http://denyhosts.sourceforge.net/

It's very configurable. I set mine up to cut off an IP address after 3 failed ssh attempts, or one failed attempt as root. Thereafter all packets from the offending address to any port (configurable) are dropped.

If this will solve the problem for you it can be less complicated than the convoluted ssh, sftp, scp commands using a nonstandard port.

Best regards,

Ross
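
The thresholds described in the post above (three failed ssh attempts, or one failed attempt as root), as an added example that is not part of the original thread and is not DenyHosts' own code. It assumes OpenSSH-style `Failed password` syslog lines; the log lines, host name and the `hosts_to_block` function are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sshd auth-log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Jun 10 03:12:01 zmbox sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jun 10 03:12:03 zmbox sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Jun 10 03:12:06 zmbox sshd[2104]: Failed password for james from 203.0.113.7 port 40131 ssh2
Jun 10 03:15:40 zmbox sshd[2110]: Failed password for root from 198.51.100.23 port 51514 ssh2
Jun 10 08:30:12 zmbox sshd[2200]: Failed password for james from 192.0.2.50 port 60001 ssh2
Jun 10 08:30:20 zmbox sshd[2200]: Accepted password for james from 192.0.2.50 port 60001 ssh2
Jun 10 09:01:44 zmbox sshd[2300]: Failed password for invalid user root from 192.0.2.50 from 203.0.113.99 port 4000 ssh2
"""

# The username is client-supplied text. Greedy (.*) plus the end anchor takes
# the address from the tail sshd itself writes (last line: 203.0.113.99).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")

def hosts_to_block(log_text, user_limit=3, root_limit=1):
    """Map each source IP that reaches a failure threshold to the reason."""
    fails = defaultdict(lambda: {"root": 0, "other": 0})
    limits = {"root": root_limit, "other": user_limit}
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        user, src = m.groups()
        try:
            ip = str(ipaddress.ip_address(src))
        except ValueError:
            continue  # not an IP literal; skip rather than guess
        if ip in blocked:
            continue
        kind = "root" if user == "root" else "other"
        fails[ip][kind] += 1
        if fails[ip][kind] >= limits[kind]:
            blocked[ip] = f"{fails[ip][kind]} failed {kind} login(s)"
    return blocked

if __name__ == "__main__":
    for ip, reason in hosts_to_block(SAMPLE_LOG).items():
        print(f"block {ip}: {reason}")
```

The address 192.0.2.50 stays unblocked: its owner mistyped a password once, and the later line that merely mentions it inside a username is counted against the real source, 203.0.113.99.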

Post by jameswilson »

Looks ideal, Ross
Thanks
James Wilson