
List of all users that can connect via SSH [closed]

I recently started looking at my auth logs and, surprisingly, found bots from China trying to brute-force their way in (they didn't try hard). I went about changing numerous things that bots would never check, and made it harder to brute-force.

My question is:

I am trying to find a list of all users that can log in to my server via SSH. I know that /etc/passwd has a list of all users, but I don't know if any of them (except for 1) can be logged in.

My goal is to only have 1 user that can be logged in, and having that user have a real strong password.

tommydrum asked Apr 04 '13 03:04



3 Answers

Read man sshd_config for more details, but you can use the AllowUsers directive in /etc/ssh/sshd_config to limit the set of users who can login.

e.g.

    AllowUsers boris

would mean that only the boris user could login via ssh.

dave4420 answered Oct 07 '22 14:10


Any user with a valid shell in /etc/passwd can potentially login. If you want to improve security, set up SSH with public-key authentication (there is lots of info on the web on doing this), install a public key in one user's ~/.ssh/authorized_keys file, and disable password-based authentication. This will prevent anybody except that one user from logging in, and will require that the user have in their possession the matching private key. Make sure the private key has a decent passphrase.

To prevent bots from trying to get in, run SSH on a port other than 22 (i.e. 3456). This doesn't improve security but prevents script-kiddies and bots from cluttering up your logs with failed attempts.

Jim Garrison answered Oct 07 '22 15:10


Any user whose login shell setting in /etc/passwd is an interactive shell can login. I don't think there's a totally reliable way to tell if a program is an interactive shell; checking whether it's in /etc/shells is probably as good as you can get.

Other users can also login, but the program they run should not allow them to get much access to the system. And users that aren't allowed to login at all should have /etc/false as their shell -- this will just log them out immediately.

Barmar answered Oct 07 '22 13:10
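
Added example, not part of the original answers: a Python script that combines the /etc/shells check from the answer above with the AllowUsers directive from the first answer to list the accounts that would get an interactive SSH login. The function names and the sample passwd, shells and sshd_config contents are constructed for illustration; Match blocks and negated patterns are assumed absent.

```python
import fnmatch
import os.path

# Constructed sample data, not taken from any real host.
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
boris:x:1000:1000::/home/boris:/bin/bash
alice:x:1001:1001::/home/alice:/bin/zsh
git:x:1002:1002::/home/git:/usr/bin/git-shell
backup:x:34:34:backup:/var/backups:/bin/false
"""
SHELLS = "# valid login shells\n/bin/sh\n/bin/bash\n/bin/zsh\n/usr/sbin/nologin\n"

def login_shells(shells_text):
    """Paths listed in /etc/shells, minus nologin/false (some distros list them)."""
    paths = (ln.strip() for ln in shells_text.splitlines())
    return {p for p in paths if p and not p.startswith("#")
            and os.path.basename(p) not in ("nologin", "false")}

def allow_users(sshd_config_text):
    """AllowUsers patterns from every such line, or None when the directive is absent.
    Assumption: global scope only; Match blocks and '!' negation are not handled."""
    patterns = []
    for ln in sshd_config_text.splitlines():
        words = ln.split("#", 1)[0].split()
        if words and words[0].lower() == "allowusers":  # keywords are case-insensitive
            patterns += words[1:]
    return patterns or None

def interactive_ssh_users(passwd_text, shells_text, sshd_config_text=""):
    """Accounts with a listed login shell that AllowUsers (if set) also admits."""
    shells, allowed = login_shells(shells_text), allow_users(sshd_config_text)
    users = []
    for ln in passwd_text.splitlines():
        fields = ln.split(":")
        if len(fields) != 7:
            continue  # skip malformed or blank lines
        name, shell = fields[0], fields[6] or "/bin/sh"  # empty shell means /bin/sh
        if shell not in shells:
            continue  # e.g. git-shell: can authenticate, but gets no interactive shell
        # USER@HOST patterns: only the USER part is compared here
        if allowed is None or any(
                fnmatch.fnmatchcase(name, p.split("@", 1)[0]) for p in allowed):
            users.append(name)
    return users

if __name__ == "__main__":
    print(interactive_ssh_users(PASSWD, SHELLS))                        # no AllowUsers
    print(interactive_ssh_users(PASSWD, SHELLS, "AllowUsers boris\n"))  # restricted
```

On a live host, pass the contents of /etc/passwd and /etc/shells together with the output of `sshd -T`, which prints the effective server configuration.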