
I sort of inherited an older server that has sshd on port 22 with root login permitted. You can imagine how full these logs are.

Since there are multiple people connecting to the server as root, and all of them are authenticated using SSH keys, I figured that the simplest solution would be to turn on PermitRootLogin without-password.

My question is: would that stop that log overflow?

    Wait... why would you allow access to root without a password? Whatever your reason - no the authentication will still be visible but instead of via pub key it will say "logged in" or something like that. How many people have root rights on your server....? Are you looking for something specific in your log file? – Ziazis May 22 '17 at 13:11
  • It's just a general check-in after I got access to it. Login without-password does not mean that it allows everyone who claims to be root in; instead, it won't ask for a password. Logins will still be secured using the SSH keys that are in use currently. – A. Kounovský May 22 '17 at 13:39
  • Why would it prevent logging? SSH is still going to log that root logged in, but with a key – muru May 22 '17 at 13:43
  • Ha, my fault, I haven't done something with that for quite a while. Info on that: I think it will still show everything... since they still try to authenticate. It might shorten it however, since they don't get a few tries but get denied instantly. – Ziazis May 22 '17 at 13:49
  • @muru My intention is not preventing all logging, just to avoid the flood with failed root login attempts. – A. Kounovský May 22 '17 at 14:44

1 Answer


No. The authentication will still be going on, but it will never succeed. If you want to avoid filling the server log, you should go on with some reactive security, such as fail2ban.

Jakuje
  • We do have fail2ban present, I just wanted to prevent the log flooding with failed root attempts. I guess that I'll just switch the port, then. – A. Kounovský May 22 '17 at 14:45
  • @A.Kounovský switching ports, even to 2222, but better still something random in the 10k+ range, works wonders. – grooveplex May 22 '17 at 20:07
  • It works for random scans, but does not improve much about targeted attacks nor usability. – Jakuje May 22 '17 at 20:20
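The answer's point is that `PermitRootLogin without-password` (spelled `prohibit-password` in current OpenSSH, with `without-password` kept as an alias) only changes which authentication methods root may use; every attempt, successful or not, is still logged, so the log volume is a job for a reactive tool that counts failures per source address and blocks the noisy ones. The script below is an added example, not code from the question, the answer or the fail2ban project: it parses a few constructed sshd log lines in the standard syslog format, tallies failed attempts per source IP (optionally only those against `root`), and reports the addresses that cross a retry threshold, which is the core of what fail2ban's sshd filter and `maxretry` setting do. The log lines, host name, PIDs and addresses are constructed sample data (documentation-range IPs); the `ROOT LOGIN REFUSED` wording is what sshd logs when root tries a disallowed method, but exact phrasing varies between OpenSSH versions, so treat the patterns as a starting point to check against your own auth.log.

```python
import re
from collections import Counter

# Constructed sample of /var/log/auth.log content (not real server data).
SAMPLE_AUTH_LOG = """\
May 22 13:01:02 srv sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
May 22 13:01:04 srv sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
May 22 13:01:06 srv sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
May 22 13:01:09 srv sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
May 22 13:02:10 srv sshd[1210]: Accepted publickey for root from 198.51.100.7 port 40000 ssh2: ED25519 SHA256:PLACEHOLDER
May 22 13:03:00 srv sshd[1215]: Failed password for root from 192.0.2.44 port 33001 ssh2
May 22 13:03:30 srv sshd[1216]: ROOT LOGIN REFUSED FROM 192.0.2.44 port 33002
"""

# "Failed <method> for [invalid user] <user> from <ip> port <n>"
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)
# "Accepted <method> for <user> from <ip> port <n>"
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)
# Root tried a method that PermitRootLogin does not allow (e.g. password
# under prohibit-password); still a failed attempt from a defender's view.
REFUSED_RE = re.compile(
    r"sshd\[\d+\]: ROOT LOGIN REFUSED FROM (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse_sshd_events(log_text):
    """Turn raw log lines into (kind, user, ip) dicts; unknown lines are skipped."""
    events = []
    for line in log_text.splitlines():
        if m := FAILED_RE.search(line):
            events.append({"kind": "failed", "user": m["user"], "ip": m["ip"]})
        elif m := ACCEPTED_RE.search(line):
            events.append({"kind": "accepted", "user": m["user"], "ip": m["ip"]})
        elif m := REFUSED_RE.search(line):
            events.append({"kind": "failed", "user": "root", "ip": m["ip"]})
    return events


def failed_attempts_by_ip(events, user=None):
    """Count failed attempts per source IP, optionally for one target user only."""
    return Counter(
        e["ip"] for e in events
        if e["kind"] == "failed" and (user is None or e["user"] == user)
    )


def offenders(counter, maxretry=3):
    """IPs at or above the retry threshold, most active first (what a jail would ban)."""
    return [ip for ip, n in counter.most_common() if n >= maxretry]


def successful_root_logins(events):
    """Source IPs of accepted root sessions; worth reviewing when several people share root."""
    return [e["ip"] for e in events if e["kind"] == "accepted" and e["user"] == "root"]


if __name__ == "__main__":
    evs = parse_sshd_events(SAMPLE_AUTH_LOG)
    per_ip = failed_attempts_by_ip(evs)
    print("failed attempts per IP:", dict(per_ip))
    print("root-only failures:", dict(failed_attempts_by_ip(evs, user="root")))
    print("would ban (maxretry=3):", offenders(per_ip))
    print("accepted root logins from:", successful_root_logins(evs))
```

Run against a real file with `parse_sshd_events(open("/var/log/auth.log").read())`. The `user="root"` filter answers the question as asked (how much of the flood is aimed at root), while the unfiltered counter is the one a ban decision should use, since attackers rotate usernames from the same address.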