All times are UTC + 8 hours

SFTP login attempts

Backup and data protection discussion at its finest.

Post by Rockel83 » Thu Feb 06, 2020 7:18 am

I've been using an Asustor NAS for a couple of years now.
I'm using AiMaster on my phone to control and monitor my NAS and have notifications activated here.

But I'm getting really tired of SFTP login failure notifications, and sometimes there are a lot of them.

I was already afraid of security risks, since the attempts come from all over the world (mostly Asia). So I guess they are just some automated bots that scan for open ports or so.

To minimise risk, I've changed the standard login credentials, am not using the standard admin login, and think I'm using a fairly strong password. I also activated "auto black list" and am letting IPs get blocked for a specific period after a few login attempts.

But I'm still getting annoyed by the notifications it gives. I could turn notifications off of course, but I would also like to be informed if something's wrong with the NAS.

So I'm looking for a solution to get rid of these notifications.

The first option would be changing port 2222 I guess. But there are also apps communicating via this port. So I guess this can give some connection problems unless I configure all the apps to the same port I guess? Not sure how it will work out yet...

I also searched the internet a bit, and 2 alternatives I've found are configuring "port triggering" in my (Asus) router, or looking to set up "port knocking". But I'm not sure how to get "port knocking" running yet at the moment.

Anyone who has some practical advice for me on this one? :)
Rockel83
 
Posts: 2
Joined: Fri Mar 11, 2016 9:24 am

Re: SFTP login attempts

Post by father.mande » Thu Feb 06, 2020 4:54 pm

Hi,

First, be sure that the 2222 port is the target, because you don't need it to use SFTP; SFTP can be used directly using the SSH port ... so if you keep 22 (so common), the first thing to do is to change this port to a port > 1024 and not linked too easily with 22, so cancel 222, 2222, etc.

I don't know which applications provided by Asustor use the SFTP port ??? but in any case ... usually ports are defined in some config file and are used dynamically, so restarting an application (but please list them) gets the port used by SFTP from the config file ... so it restarts with the good value.

Using a different port for SSH and SFTP is a way to limit the SSH capabilities of a user even if they can access their own files using SFTP (e.g. a sync application uses SFTP between a client (PC) and the NAS but is not authorized to use SSH) ... the strange thing in Asustor is to change the SFTP port and keep 22 (as default but changeable) for SSH ... the usual method is the reverse ...

If you use SFTP ... just validate using SFTP (check box) in the Terminal menu (so using the SSH port AND CHANGE IT) and forget the SFTP config (uncheck it).
If specific SFTP is required by your usage ... change the port and restart the applications (if you know them) or reboot.

Philippe.
AS5002T / AS202TE / AS1002T
My Blog specific to my APKG : https://blog.father-mande.ovh/
father.mande
 
Posts: 879
Joined: Sat Sep 12, 2015 2:55 am

Re: SFTP login attempts

Post by marp » Thu Feb 06, 2020 7:22 pm

My opinion - _never_ expose your ssh/sftp services to the internet. Changing the port is no solution; existing scanning devices can identify services running on non-standard ports.

First solution is to configure a strong "on premise" VPN server - either on the NAS box or on another device - a Raspberry Pi will do just fine - and access ssh/sftp only through the VPN. I would not recommend installing VPN services on your router.

Second solution, if ssh/sftp direct access is necessary: after changing the ssh port (see router port forwarding), disable in the ssh_config the password logon for any client IPs not on your local network and use PKI authentication for remote ssh access. And always disable ssh root login.
marp
 
Posts: 4
Joined: Tue Jan 31, 2017 4:48 pm
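
The second solution in the post above, sketched as an added example that is not part of the thread: a constructed OpenSSH server policy plus a small checker that reports what an off-LAN client would be allowed to do. It assumes the NAS runs OpenSSH (where these server-side settings live in sshd_config); the port 50022, the LAN range 192.168.1.0/24 and the function names are made up for illustration.

```python
import ipaddress

# Constructed sample (not from the thread). Assumes the NAS runs OpenSSH
# (server file: sshd_config) and that the LAN is 192.168.1.0/24.
HARDENED = """\
Port 50022
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""

def effective(config, client_ip):
    """Settings sshd would apply to client_ip (simplified model).

    First value seen for a keyword wins; a matching Match block overrides
    the global section. Only 'Match Address cidr[,cidr...]' is handled.
    """
    ip = ipaddress.ip_address(client_ip)
    glob, matched = {}, {}
    target = glob                       # dict receiving the current lines
    for raw in config.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1:] or [""])[0].strip()
        if key == "match":
            crit, _, nets = value.partition(" ")
            hit = crit.lower() == "address" and any(
                ip in ipaddress.ip_network(n.strip(), strict=False)
                for n in nets.split(","))
            target = matched if hit else None   # None: skip this block
        elif target is not None:
            target.setdefault(key, value.lower())
    return {**glob, **matched}

def findings(config, remote_ip="203.0.113.10"):  # documentation-range IP
    """Deviations from the post's advice, as seen by an off-LAN client."""
    s = effective(config, remote_ip)
    out = []
    # Fallbacks are the OpenSSH defaults for an unset keyword.
    if s.get("passwordauthentication", "yes") != "no":
        out.append("password logon allowed from outside the LAN")
    if s.get("permitrootlogin", "prohibit-password") != "no":
        out.append("root login not disabled")
    if s.get("pubkeyauthentication", "yes") != "yes":
        out.append("key authentication disabled")
    return out
```

On a real OpenSSH host, `sshd -t` validates the file before the service is restarted; keep an existing session open while testing so a mistake does not lock you out.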
