server security

Discussion in 'Server Operation' started by Tom John, Nov 28, 2020.

  1. Tom John

    Tom John Member HowtoForge Supporter

    Hi guys,
    i run a ubuntu20.04 with ISPConfig 3.2 and apache2
    when i put in command:
    Code:
    [email protected]:~# ss | grep -i ssh
    tcp   ESTAB       0       36                             167.86.78.111:ssh                            31.14.62.112:36766                                      
    tcp   ESTAB       0       68                             167.86.78.111:ssh                         193.112.107.200:36144
    
    there i assume i have 2 ssh connections
    when i run who i get this result:
    Code:
    [email protected]:~# who
    root     pts/0        2020-11-28 17:20 (31.14.62.112)
    
    
    now i am confused if another user is connected to my server.
    maybe someone can give me an idea ?
    thanks a lot for your help

    i wonder because i made a check with rkhunter and get this result:
    Code:
    [email protected]:~# rkhunter --check --rwo
    Warning: User 'web37' has been added to the passwd file.
    Warning: Changes found in the group file for group 'sshusers':
             User 'web37' has been added to the group
    Warning: The SSH and rkhunter configuration options should be the same:
             SSH configuration option 'Protocol': 2
             Rkhunter configuration option 'ALLOW_SSH_PROT_V1': 2
    
    
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    If your server allows ssh connections from the internet, you will get connections/login attempts fairly non-stop, around the clock. Your logs will show more info.
     
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I would advise only using key to access ssh and disable password access. Key can have password too. You can also restrict access via firewall to certain ip address for ssh access.
     

Share This Page