
IP ruleset for ssh and sftp Access

markmarques
Starter
Posts: 21
Joined: 26 Feb 2018 13:27
Status: Offline

IP ruleset for ssh and sftp Access

#1

Post by markmarques »

Only recently had the audacity to finally put my Xigmanas server accessible from the internet.

Despite only making the ssh port available (on a different port from 22), I keep getting more than 500 tries to access the server, ranging from all corners of the world ...

What IP ruleset could I use to minimize those kinds of actions?
For a server where I only need access to SSH and SFTP, what kind of rules can I set?

thanks in advance
Last edited by markmarques on 25 Mar 2020 14:05, edited 1 time in total.

raulfg3
Site Admin
Posts: 4961
Joined: 22 Jun 2012 22:13
Location: Madrid (ESPAÑA)
Status: Offline

Re: IP ruleset for ssh and sftp Access

#2

Post by raulfg3 »

do you use public keys?: viewtopic.php?f=23&t=14659
12.0.0.4 (revision 6766)+OBI on SUPERMICRO X8SIL-F 8GB of ECC RAM, 12x3TB disk in 3 vdev in RaidZ1 = 32TB Raw size only 22TB usable


markmarques
Starter
Posts: 21
Joined: 26 Feb 2018 13:27
Status: Offline

Re: IP ruleset for ssh and sftp Access

#3

Post by markmarques »

No... I do not use public keys...

Due to some details I have to "hop" from machine to machine and access the Xigma Server from several machines ...
so a public key exchange is not possible...

Sometimes I am behind a squid proxy, so I only have access to a common port like 443 or 444 ...
which I had to configure on my router to map to the Xigma Server's higher port ....

(that is why I get this kind of HTTP request in my system logs ...)
sshd: error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"

Although in the sshd logs, I have more than 500 tries a day from multiple IPs,
ranging from users like root, user, postgres, zimbra, support, cacti, test, mysql, ubuntu, admin, oracle ...

How do I start to mitigate this ?
Last edited by markmarques on 25 Mar 2020 14:06, edited 1 time in total.

cookiemonster
Advanced User
Posts: 221
Joined: 23 Mar 2014 02:58
Location: UK
Status: Offline

Re: IP ruleset for ssh and sftp Access

#4

Post by cookiemonster »

So it sounds like you are realising that once a port is open to the open, all sorts of miscreants will attempt to break in. I personally wouldn't allow ssh of my XigmaNas to the internet but your needs might be different. What I can tell you is that on a machine that I use to ssh into and then hop to XN, which is an Ubuntu machine, I install and configure fail2ban with permaban. Works perfectly. If you wanted to do that, or any other banning mechanism in XN, you'd probably be best using Full installation on RootOnZFS, in my opinion.
Main: Xigmanas 11.2.0.4 x64-full-RootOnZFS on Supermicro X8DT3. zroot on mirrorred pair of CRUCIAL_CT64M225. Memory: 72GB ECC; 2 Xeon E5645 CPUs; Storage: (HBA) - LSI SAS 9211-4i with 3 SATA x 1 Tb in raidZ1, 1 x 3 Tb SAS drive as single stripe.
Spare1: HP DL580 G5; 128 GB ECC RAM; 4 CPU; 8 x 500 GB disks on H210i
Spare2: HP DL360 G7; 6 GB ECC RAM; 1 Xeon CPU; 5 x 500 GB disks on H210i
Spare3: HP DL380 G7; 24 GB ECC RAM; 2 Xeon E5645 CPUs; 8 x 500 GB disks on IBM M1015 flashed to LSI9211-IT
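As an added illustration (not code from this thread, from fail2ban, or from XigmaNAS), the script below applies the fail2ban idea to sshd log lines like the ones described above: it counts failed password attempts per source address inside a sliding time window and reports the addresses that cross the threshold, ignoring the HTTP-on-the-ssh-port noise and successful logins. The log lines, hostname, thresholds and IPs (documentation ranges) are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd syslog lines modelled on the thread; IPs are documentation addresses.
SAMPLE_LOG = """\
Mar 25 13:01:02 xigmanas sshd[1234]: Invalid user postgres from 203.0.113.7 port 51234
Mar 25 13:01:05 xigmanas sshd[1234]: Failed password for invalid user postgres from 203.0.113.7 port 51234 ssh2
Mar 25 13:01:09 xigmanas sshd[1240]: Failed password for root from 203.0.113.7 port 51300 ssh2
Mar 25 13:01:14 xigmanas sshd[1241]: Failed password for invalid user zimbra from 203.0.113.7 port 51310 ssh2
Mar 25 13:02:00 xigmanas sshd[1250]: error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
Mar 25 13:05:10 xigmanas sshd[1260]: Failed password for admin from 198.51.100.9 port 40000 ssh2
Mar 25 13:05:30 xigmanas sshd[1270]: Accepted password for markmarques from 192.0.2.5 port 50000 ssh2
Mar 25 14:30:00 xigmanas sshd[1280]: Failed password for admin from 198.51.100.9 port 40010 ssh2
Mar 25 14:31:00 xigmanas sshd[1281]: Failed password for admin from 198.51.100.9 port 40011 ssh2
"""

# Matches "Failed password" lines only; the HTTP-on-ssh-port error and accepted logins are ignored.
FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port"
)

def parse_failures(log_text, year=2020):
    """Yield (timestamp, username, source_ip) for each failed-password line."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def ban_candidates(log_text, maxretry=3, findtime=600):
    """fail2ban-style rule: an IP with >= maxretry failures inside any findtime-second
    window is a ban candidate. Returns {ip: set of usernames it tried}."""
    recent = defaultdict(list)   # ip -> failure timestamps still inside the window
    tried = defaultdict(set)     # ip -> usernames seen from that ip
    banned = {}
    for ts, user, ip in parse_failures(log_text):
        tried[ip].add(user)
        window = [t for t in recent[ip] if (ts - t).total_seconds() <= findtime]
        window.append(ts)
        recent[ip] = window
        if len(window) >= maxretry:
            banned[ip] = tried[ip]
    return banned

if __name__ == "__main__":
    for ip, users in ban_candidates(SAMPLE_LOG).items():
        print(f"ban {ip} (tried: {', '.join(sorted(users))})")
```

In the sample, 203.0.113.7 crosses the threshold while 198.51.100.9 does not, because its first failure falls outside the window; a real jail would pass the resulting addresses to a firewall action rather than just returning them.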

markmarques
Starter
Posts: 21
Joined: 26 Feb 2018 13:27
Status: Offline

Re: IP ruleset for ssh and sftp Access

#5

Post by markmarques »

After some research I noticed that fail2ban would be a good approach ...

Is it available to add or install in XigmaNAS?

coatmaker618
Starter
Posts: 41
Joined: 23 Feb 2014 07:55
Status: Offline

Re: IP ruleset for ssh and sftp Access

#6

Post by coatmaker618 »

looks like it is:
viewtopic.php?t=9941

That said (sorry to be THAT GUY), why not run a VPN instead? This is exactly what they're designed to do, and you even get a level of depth for security/notification!
