Limit SSH connections geographically

There is a real security risk to leaving your shell connection ports exposed to the internet especially if you don’t ever intend on connecting from Zimbabwe as well as other random countries. This can limit brute force attack exposure and also save valuable resources and bandwidth by rejecting a packets before a tcp handshake. Install… Read more »

Adding Colour to Linux Bash Shell

If the standard black and grey makes you feel uninspired, you can change this by adding two lines to your .bashrc file in the users profile. 1. Edit the .bashrc file 2. Add the following lines Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you… Read more »

Stop SSH from Listening on IPv6

By default, SSH listens on both IPv4 and IPv6, if you don’t connect using IPv6 then you can disable it entirely from listening. Example: Edit your SSH config file /etc/ssh/sshd_config Uncomment out the following line: Restart SSH daemon Rerun netstat to check it isn’t listening Should you have any questions, comments or suggestions, please don’t… Read more »

Hardening SSHD for Security

The secure shell daemon should be hardened to prevent unauthorised access before being put into a production environment or exposed to the internet. 1. Verify the /etc/ssh/sshd_config file contains the following lines and that they are not commented out: Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you… Read more »

Key-based SSH Login Authentication on Linux with Putty

This guide describes how to generate a private and public key pair to log into a Linux server over SSH using Putty. Using key based exchange allows you to disable the normal username and password authentication procedure which increases security and removes the ability to brute force logins to the server. Putty & Utilities First… Read more »

Setting up BackTrack 5 R3

Setting up BackTrack 5 R3 Out of the box you might find that BackTrack 5 doesn’t give you some basic services, this is just a quick note on how to make things work. Run all commands without the “#” Update Packages #apt-get update #apt-get upgrade Enable SSH Keys Generate SSH Keys #sshd-generate AutoStart SSH #update-rc.d… Read more »

How to block telnet and SSH on outside interface on Cisco routers

How to block telnet and SSH on outside interface on Cisco routers By default, a lot of Cisco routers allow Telnet and SSH on the outside interface, this can cause a large security risk of being brute force attacked. Ideally Telnet should be blocked completely as it is an unsecure protocol and SSH should only… Read more »