HELLO & WELCOME

[alex01]

Hi,

I've just changed to BT and have a bthub4.

I have raspberry pi with FreePBX 12.0.76.2 / Asterisk (Ver. 11.20.0) , all working fine except that I can't change SSH port from default. when I change it I can't log in with putty, it just hangs for a while and then shows error: putty fatal error Network error: Software caused connection abort
As soon as I change ssh port back to 22 all is fine. I have tried port forwarding without success.

has anyone else got a similar setup? or has anyone got any idea what is causing this?

any advice would be appreciated - thanks

[WelshPaul]

I use a different SSH port myself...

The ssh configuration files are located in /etc/ssh. You need to change to that directory and then edit the sshd_config file. Use a simple text editor called nano to edit the file. Use the following commands to change to the /etc/ssh folder and then edit sshd_config:

# cd /etc/ssh
# nano sshd_config

Use your arrow keys to move the cursor down to “Port 22”. Use your backspace key to remove “22” and replace it with “2022” (or whatever port number you want, just make sure the port number you enter is not already in use by any other service).

Press ctrl + X to exit and Press “Y” to save the changes. Finally, press enter to confirm you will be overwriting the sshd_config file.

Now that you have changed the ssh port you need to restart ssh for the changes to take effect. This is easily done with the Linux “service” command:

# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
#

Also, have you added the new port number to your FreePBX firewall? You are using one right? Again, restart your firewall for any changes to take effect.

[alex01]

Hi Paul,

yes I did but I was using a port number that I think was not suitable or being used already by another service. I used a 4 figure number and it worked ok.

thanks.

[WelshPaul]

Hi Paul,

yes I did but I was using a port number that I think was not suitable or being used already by another service. I used a 4 figure number and it worked ok.

thanks.

I didn't ask what port number you had used in my post above as I don't like to publicly broadcast what port numbers people choose to use.

Glad you got it working!

[alex01]

Thanks Paul,

the reason for my needing to make ssh changes is that I am getting many fail2ban email notifications that ip's being banned, these seem to be mostly the same ip's I'm getting 20 emails per night. do you know if it's possible to completely block specific ip addresses in fail2ban?

[WelshPaul]

It's a waste of time banning IP's...

You can however edit the fail2ban jail.local config file and stop email notifications for being sent out:-

Find:

Code: Select all

# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_mw)s

Replace with:

Code: Select all

# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s

Or to stop email notifications for SSH bans look for something like this:

Code: Select all

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/secure
maxretry = 5

Remove the line:

Code: Select all

sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]

Remember to restart the SSH server.

[alex01]

Thanks again Paul,

I've done that but what worries me is if they eventually manage to crack it - it feels a bit like seeing some trying to pick your lock and looking away.

[WelshPaul]

You don't need an email to know someone or some bot is trying to hack your server!

You will end up with hundreds if not thousands of attempts daily, block one IP address permanently and seconds later they are back using another! This isn't just an Asterisk/FreePBX thing, the VPS this forum is hosted on has thousands of attempts daily as does every other server out there...

I have been running and maintaining servers since 2006, in all that time not once have I had a server hacked. Use long passwords that contain upper case, lower case, numbers and symbols. Set fail2ban to ban for longer periods of time, make sure your firewall is configured correctly and change your passwords regularly. You should also block direct root access and make sure your server updates remain current. If your still worried about SSH brute force attempts then use ssh keys, don't allow password logins.

I promise you, your wasting your time blocking an IP permanently. Take a look at this: https://rimuhosting.com/knowledgebase/l ... sh-attacks

Still want to block an IP address or range? take a look at this: http://www.cyberciti.biz/faq/how-do-i-b ... ux-server/