SSH

Brute force blocker for RHEL 3

Part of the historical inheritance in IT is, that old systems never want to die.

There is an FTP server running under RedHat 3.6 (which is from 2006, I think). And since FTP should be reachable from the Internet, quite often some kids are trying to run brute-force attacks against the SSH port to see if they manage to get in.

While the sligthly more update Operating systems now have more advanced possibilities available to implement those rather quite simple tasks, the good old fashion version 3 now.

Before going through the hassle of trying to update Python, the system or anything else I found a bash script on seclist.org.

After pimping it with a bit of documentation and the suggested changes from the follow-up posts, I ended up with a working script that locks out all the attacking hosts, why ignoring the hosts coming from private ranges at the same time.

The script is in the Github-repository.

Non-interactive ssh-keygen

Source

$ ssh-keygen -t rsa -f <file> -N "" [-q]

Use only password auth on client

Source

$ ssh -o PreferredAuthentications=password ....

SSH Fingerprint checking

Source

ssh-keygen -l -f id_rsa
2048 SHA256:z96jtEGIqfLoaq1INIBFI/3K2M+f9xZUyupsm3itgvI no comment (RSA)

SSH escaped characters

Source

Sequence Description
~. Terminate connection
~B Send a BREAK to the remote system
~C Open a command line. This allows adding port forwardings using -L, -R and -D. It also allows cancellation existing port forwardings.
~R Request rekey
~V/v Decrease/increase verbosity (LogLevel)
~^Z Suspend ssh
~# List forwarded connections
~& Background ssh (when waiting for connections to terminate)
~? This message
~~ Send the escape character by typing it twice

Usage of -C: -LK[bind_address:]local_port, -KR[bind_address:]remote_port, -KD[bind_address:]dynamic_port_forwardings.

!command execute local command when the PermitLocalCommand option is enabled in ssh_config(5).

Basic help is available using -h.

Convert single line key to multiline

Source

sed -e "s/-----BEGIN RSA PRIVATE KEY-----/&\n/"\
    -e "s/-----END RSA PRIVATE KEY-----/\n&/"\  
    -e "s/\S{64}/&\n/g"\
    ~/.ssh/id_rsa