SFTP login attempts

Posted: Thu Feb 06, 2020 7:18 am
by Rockel83
I'm using an Asustor NAS for a couple of years already now.
I'm using AiMaster on my phone to control and monitor my NAS and have notifications activated there.

But I'm getting really tired of SFTP login failure notifications, and sometimes there are a lot of them.

I was already afraid of security risks, since the attempts come from all over the world (mostly Asia). So I guess they are just some automated bots who scan for open ports or so.

To minimise risk, I've changed the standard login credentials, not using the standard admin login, and think I'm using a fairly strong password. I also activated "auto black list" and let IPs get blocked for a specific period after a few login attempts.

But I'm still getting annoyed about the notifications it gives. I could turn notifications off of course, but I would also like to be informed if something's wrong with the NAS.

So I'm looking for a solution for getting rid of these notifications.

The first option would be changing port 2222 I guess. But there are also apps communicating via this port. So I guess this can give some connection problems unless I configure all the apps to the same port? Not sure how it will work out yet...

Also searched the internet a bit, and 2 alternatives I've found are configuring "port triggering" in my (Asus) router, or looking to set up "port knocking". But not sure how to get "port knocking" running yet at the moment.

Anyone who has some practical advice for me on this one? :)

Re: SFTP login attempts

Posted: Thu Feb 06, 2020 4:54 pm
by father.mande

First, be sure that the 2222 port is the target, because you don't need it to use SFTP; SFTP can be used directly using the SSH port ... so if you keep 22 (so common) the first thing to do is to change this port to a port > 1024 and not linked too easily with 22, so cancel 222, 2222, etc.

I don't know which applications provided by Asustor use the SFTP port ??? but in all cases ... usually ports are defined in some config file and are used dynamically, so restarting an application (but please list them) gets the port used by SFTP from the config file ... so restart with the good value.

Using a different port for SSH and SFTP is a way to limit the SSH capabilities of a user even if it can access its own files using SFTP (ex. a sync application uses SFTP between a client (PC) and the NAS but is not authorized to use SSH) ... the strange thing in Asustor is to change the SFTP port and keep 22 (as default but changeable) for SSH ... the usual method is the reverse ...

If you use SFTP ... just validate using SFTP (check box) in the Terminal (so using the SSH port AND CHANGE IT) menu and forget the SFTP config (uncheck it).
If a specific SFTP port is required by your usage ... change the port and restart the applications (if you know them) or reboot.


Re: SFTP login attempts

Posted: Thu Feb 06, 2020 7:22 pm
by marp
My opinion - _never_ expose your ssh/sftp services to the internet. Changing the port is no solution; existing scanning devices can identify services running on non-standard ports.

First solution is to configure a strong "on premise" vpn server - either on the NAS box or on another device - a Raspberry Pi will do just fine - and access ssh/sftp only through vpn. I would not recommend installing vpn services on your router.

Second solution, if ssh/sftp direct access is necessary: after changing the ssh port (see router port forwarding), disable in the ssh_config the password logon for any client IPs not on your local network and use pki authentication for remote ssh access, and always disable ssh root login.
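The sshd configuration marp's second option describes, written out as an added example (it is not from this thread or from Asustor's ADM). It assumes the LAN is 192.168.1.0/24, that 48022 is the new port you picked and nasadmin your renamed admin account (all three constructed), and that you edit the sshd_config file the NAS actually loads.

```conf
# Added example (not from the thread): sshd_config for a NAS that must stay
# reachable from the internet. Constructed values:
#   LAN           = 192.168.1.0/24
#   new SSH port  = 48022   (above 1024, not derived from 22)
#   admin account = nasadmin

# --- Weak settings the scanners are relying on (typical defaults) ---
# Port 22
# PermitRootLogin yes
# PasswordAuthentication yes

# --- Hardened defaults: apply to every client unless a Match block overrides ---
Port 48022
PermitRootLogin no
PubkeyAuthentication yes
# Remote clients get no password prompt at all, so guessed passwords never match
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
MaxAuthTries 3
LoginGraceTime 20
# Only the renamed admin account may log in; the default "admin" name is gone
AllowUsers nasadmin
# SFTP keeps working over the same port, so no separate 2222 listener is needed
Subsystem sftp internal-sftp

# --- Exception: clients on the LAN may still use a password (key or password) ---
# Match blocks must come last; everything below applies only to matching clients.
Match Address 192.168.1.0/24
    PasswordAuthentication yes
    AuthenticationMethods publickey password
```

Run `sshd -t` to syntax-check the file before restarting the service, and keep your current session open until a fresh key-based login on the new port succeeds, so a typo cannot lock you out.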