SSH FTP security question

Discussion in 'Network questions and troubleshooting' started by DerSchniffles, May 18, 2012.

  1. DerSchniffles

    DerSchniffles Ancient Guru

    Likes Received:
    Zotac GTX1080ti
    Hey guys, I have a SSH FTP server setup on my home network to allow me access to my home computer files (file browser)through an android app. It has a 1024 bit hex encryption linked to my computer login account with a strong password.

    Thing is, ive been having someone and/or alot of people trying to get in. In my log viewer there have been tons and tons of hits with someone trying to login with user names such as 'root' or 'android' or 'oracle' and the like. Anything I should be doing extra to make sure no one will get in? Im behind my router firewall (oh boy) and windows firewall but it obviously didnt stop anyone from trying to login to the server.

    Any advice?

    *edit* Im using WinSSHD
  2. deltatux

    deltatux Ancient Guru

    Likes Received:
    GIGABYTE Radeon R9 280
    Stop using port 22. It's just a brute force login script which just goes out and finds SSH servers out there and tries to break in. Nothing really malicious.

    If you are really paranoid then don't use password authentication at all and use SSH key authentication.

    Also, if you're going to use SSH, why not use it on what it was designed for, which is UNIX operating systems? They integrate a lot better and you get more out of it via OpenSSH like command line access (which is the main design for SSH).

    Last edited: May 19, 2012
  3. stut85

    stut85 Member Guru

    Likes Received:
    Sapphire HD5850 1GB
    Just my two cents, this may be the case already but you could try the following which may at least reduce traffic a little;

    Have a look at your firewall on the router to make sure that you dont have "Respond to Ping from WAN or Internet" selected, as this is that would make your router discoverable by sniffers and general ping requests.

    Second thing is, if possible turn off UPNP on your router and to only have the specific ports open for SSH/FTP access.

    Are the hits coming from the same IP address every time? If it is the case you may be able to block the IP address or addresses in a specific range using your firewall.


    Deltatux's answer above is probably far more relevant ;)

Share This Page