SSH

Remove or Disable ESXi Shell SSH Warnings-Errors for ESXi vSphere 5

If you receive the following warnings in vSphere/vCenter 5 on an ESXi 5 host, there is a way to suppress the warning messages:

[Image: ESXi Shell SSH Warning 1]

Configuration Issues

ESXi Shell for the host has been enabled

SSH for the host has been enabled

This warning occurs when you have Remote SSH and the ESXi Shell for management of hosts enabled. By default, it will alert you, as a precautionary measure, to ensure you do not accidentally leave it enabled. If you wish to permanently disable the warnings, you can easily do so from the GUI or command line:

  • GUI - Remove Shell SSH Warnings

From vCenter or vSphere, go to Home > Inventory > Hosts and Clusters and select the host. On the configuration tab, click on Advanced Settings:

[Image: ESXi Shell SSH Warning 2]

From the Advanced Settings window, select UserVars. Scroll to the bottom and change the value of UserVars.SuppressShellWarning from 0 to 1:

[Image: ESXi Shell SSH Warning 3]

Repeat these steps for any other hosts.

How to Change the Default SSH Port in Ubuntu

Changing the default SSH listening port is a quick and easy way to prevent random traffic and common attacks from "script kiddies". It won't make your system more secure; it will just make it slightly more difficult for an attacker. The main reason to change the listening port from 22 to something else is to stay out of the way of broad internet port scans that seek out common ports. In my example I will be using Ubuntu 10.10; however, this should work on any current version of Ubuntu.

Open this file using your favorite text editor: /etc/ssh/sshd_config

sudo vim /etc/ssh/sshd_config

Simply modify the line "Port 22" to whatever port you want that isn't currently being used. The most common SSH alternative port is 2222. Then run this command for that change to take effect:

sudo reload ssh

If that command doesn't work on your OS, run this:

sudo /etc/init.d/ssh reload

That's it. You can now test it by opening a terminal and trying to connect to the local host on the new port:

ssh -p 2222 localhost
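The manual edit above can leave a second `Port` line behind, in which case sshd keeps listening on the old port as well. The following is an added example, not part of the original tutorial: `set_ssh_port` is a hypothetical helper that rewrites the directive, removes any other active `Port` lines and keeps a backup.

```shell
#!/bin/sh
# Added example. set_ssh_port is a hypothetical helper, not part of OpenSSH.
# It rewrites the Port directive in an sshd_config file and keeps a .bak copy.

set_ssh_port() {
    conf="$1"
    port="$2"

    # Accept only a decimal integer in the valid TCP range.
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    if [ ! -f "$conf" ]; then
        echo "no such file: $conf" >&2
        return 1
    fi

    cp -p "$conf" "$conf.bak" || return 1

    # sshd keywords are case-insensitive, so match "Port", "port", ...
    if awk 'tolower($1) == "port" { found = 1 } END { exit !found }' "$conf.bak"; then
        # Replace the first active Port line and drop any further ones;
        # sshd listens on every Port it finds, so a leftover "Port 22"
        # would keep the old port open.
        awk -v p="$port" '
            tolower($1) == "port" { if (!done) print "Port " p; done = 1; next }
            { print }' "$conf.bak" > "$conf"
    else
        # Only a commented-out "#Port 22" (or nothing): sshd is using its
        # default. Add the directive at the top, ahead of any Match block.
        { printf 'Port %s\n' "$port"; cat "$conf.bak"; } > "$conf"
    fi
}

# Typical use on the host (run as root), then validate before reloading:
#   set_ssh_port /etc/ssh/sshd_config 2222 && sshd -t
```

Keep the current SSH session open until a new connection on the new port succeeds, so a bad edit can be reverted from the `.bak` file.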

If you are looking for additional security for SSH, check out this tutorial on installing and configuring fail2ban:

How to view and remove banned IP's from Fail2ban on Ubuntu 10.04

If you followed the tutorial, "How to Install and Configure fail2ban on Ubuntu 10.04 for SSH and Pure-FTPd" then you should have Fail2ban installed and configured for SSH and Pure-FTPd. You may be curious how to view which IPs are banned or blocked by Fail2ban, or you may want to remove some of them from the banned list. To view all addresses that are blocked, run the following command:

sudo iptables -L -n

Banned SSH IPs look like this:

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  192.168.100.100      0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Banned FTP IPs look like this:

Chain fail2ban-pure-ftpd (1 references)
target     prot opt source               destination
DROP       all  --  192.168.100.100      0.0.0.0/0
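On a host with many rules, the Fail2ban chains are easy to lose in the full `iptables -L -n` listing. The following is an added example, not part of the original tutorial: the helper names are hypothetical and the sample listing is constructed from the output shown above, with an unrelated INPUT rule added to show that it is ignored.

```shell
#!/bin/sh
# Added example. list_f2b_bans and is_banned are hypothetical helper names.

# Read `iptables -L -n` output on stdin, print "<jail> <ip>" per banned address.
list_f2b_bans() {
    awk '
        $1 == "Chain" {
            # Track which chain we are in; only Fail2ban chains count.
            # "fail2ban-<jail>" is the naming shown above; newer Fail2ban
            # releases use "f2b-<jail>".
            jail = ""
            if ($2 ~ /^(fail2ban|f2b)-/) {
                jail = $2
                sub(/^(fail2ban|f2b)-/, "", jail)
            }
            next
        }
        # Ban rules are DROP or REJECT; the source address is column 4.
        jail != "" && ($1 == "DROP" || $1 == "REJECT") { print jail, $4 }
    '
}

# Exit status 0 if <ip> is currently banned in <jail> (listing on stdin).
is_banned() {
    list_f2b_bans | grep -Fxq "$1 $2"
}

# Constructed sample input, modelled on the listing above.
sample_iptables_output() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target        prot opt source            destination
fail2ban-ssh  tcp  --  0.0.0.0/0         0.0.0.0/0    multiport dports 22
DROP          all  --  10.0.0.5          0.0.0.0/0

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  192.168.100.100      0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-pure-ftpd (1 references)
target     prot opt source               destination
DROP       all  --  192.168.100.100      0.0.0.0/0
EOF
}
```

On a live system, pipe the real listing in: `sudo iptables -L -n | list_f2b_bans`.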

To remove an IP address from the banned SSH list, run the following command:

How to Install and Configure fail2ban on Ubuntu 10.04 for SSH and Pure-FTPd

Fail2ban is an intrusion prevention framework. Its main purpose is to block IP addresses belonging to hosts that are trying to breach the system's security. I highly recommend that any Linux administrator implement this software. In my example, I will be installing Fail2ban on Ubuntu 10.04 64 bit Server Edition. I will be utilizing Fail2ban for SSH and Pure-FTPd.

To begin, install Fail2ban by running the following command:

sudo apt-get install fail2ban

By default, Fail2ban is Ubuntu friendly, meaning that it is configured to ban IPs after 6 failed SSH attempts. You can verify that it is enabled by viewing the contents of /etc/fail2ban/jail.conf:

cat /etc/fail2ban/jail.conf

 

Make sure that this section is present and that enabled is set to true:

[ssh]

enabled = true
port = ssh
filter = sshd
logpath  = /var/log/auth.log
maxretry = 6


To configure Fail2ban for Pure-FTPd, run the following commands:

sudo vim /etc/fail2ban/jail.conf

 

Add the following lines to the section labeled "FTP servers":

[pure-ftpd]

 

How to Crack SSH, FTP, or Telnet server using Hydra - Ubuntu

Hydra is a tool that makes cracking protocols such as ssh, ftp and telnet relatively easy. In my example, I will be cracking SSH using Hydra 5.9.1 on Ubuntu 10.10 64 bit (***Update for Ubuntu 12.04 - Replace all references of Hydra 5.9.1 with Hydra 7.3, which can be downloaded here). Although this example uses Ubuntu, these commands should work on any Debian-based system such as Debian and Linux Mint. Hydra uses password lists to brute force the SSH server. If you need help finding a good password list, check here:

http://www.google.com/search?aq=f&sourceid=chrome&ie=UTF-8&q=password+list

Here is what my password list looks like (this is a short list that I made solely for this tutorial):

 

To begin, we will need to install a few packages:

  • sudo apt-get install libssh-dev nmap build-essential linux-headers-$(uname -r) libgtk2.0-dev libssl-dev cmake

I put nmap in there just to do fingerprinting before we attack. Run the following for the nmap scan:
