Hello,

When you have an SSH port open to the clearnet (especially if listening on the default port, 22) you get quite a number of such failed automated requests. Nothing to worry about here, really, if you don't use a dumb root password which could be included in most dictionaries. I strongly recommend that you disable password authentication and only allow ssh-key based authentication in sshd_config.

This is not a defect in Tor or in SSH. It's just how things work in the wild - secure your server! It doesn't matter that you didn't share your onion hostname; it is available and known to the HSDirs.

You can use this feature in torrc on the server side (add it under the HiddenServicePort entry):

    HiddenServiceAuthorizeClient basic <client name>

Tor will generate a passphrase; you can find it in the client_keys file created in the directory where you have your private_key and hostname (HiddenServiceDir). This will encrypt the descriptors published by your hidden service, so only clients who provide the correct passphrase will be able to connect.

An additional line in torrc on the client's side is needed to provide the credential:

    HidServAuth <hostname.onion> <passphrase> <optional service description>

If there are multiple users who need to connect to this hidden service, you can add more HiddenServiceAuthorizeClient lines, for as many users as you have - this way, if you want to remove access for just one user, you can delete the HiddenServiceAuthorizeClient line related to his username and that passphrase won't work any more. The same passphrase will work from multiple places (multiple clients) at the same time.

On 8/11/2015 3:55 AM, Jens Kubieziel wrote:
> Hi,
>
> I'm running an SSH hidden service on some machines. Recently I was
> quite surprised to find the following lines in my logs:
>
> Aug 5 17:06:37 linux sshd[23935]: input_userauth_request: invalid user root [preauth]
> Aug 5 17:06:51 linux sshd[23935]: Disconnecting: Too many authentication failures for root [preauth]
>
> Nobody besides me knows the onion name. But the person who ran
> those tests tried user names like tor, hidden etc.
>
> Has anyone also seen such connection attempts through hidden
> services?

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
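
An added example, not part of the original message and not Tor or OpenSSH code: a small Python check for the two settings recommended in the reply above, run over constructed torrc and sshd_config samples. The function names and sample paths are assumptions made for illustration.

```python
# Constructed sample configs; the paths and client names are illustrative only.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/ssh_a/
HiddenServicePort 22 127.0.0.1:22
HiddenServiceDir /var/lib/tor/ssh_b/
HiddenServicePort 22 127.0.0.1:22
HiddenServiceAuthorizeClient basic alice,bob
"""
SAMPLE_SSHD = """\
PermitRootLogin no
PasswordAuthentication yes
"""

def _directives(text):
    """Yield (lowercased keyword, argument string) for each non-comment line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if fields:
            yield fields[0].lower(), fields[1].strip() if len(fields) > 1 else ""

def onion_services_without_auth(torrc_text):
    """Return the HiddenServiceDir paths with no HiddenServiceAuthorizeClient."""
    services, current = {}, None
    for key, arg in _directives(torrc_text):
        if key == "hiddenservicedir":  # each HiddenServiceDir starts a service
            current = arg
            services[current] = []
        elif key == "hiddenserviceauthorizeclient" and current is not None:
            parts = arg.split(None, 1)  # auth type, then comma-separated names
            names = parts[1].split(",") if len(parts) > 1 else []
            services[current] += [n.strip() for n in names if n.strip()]
    return [d for d, clients in services.items() if not clients]

def password_auth_enabled(sshd_text):
    """sshd keeps the first value it reads; its default is 'yes'."""
    for key, arg in _directives(sshd_text):
        if key == "match":
            break  # conditional Match blocks are out of scope for this check
        if key == "passwordauthentication":
            return arg.lower() != "no"
    return True

def audit(torrc_text, sshd_text):
    """Collect one finding per unprotected onion service, plus the sshd check."""
    findings = [f"{d}: no HiddenServiceAuthorizeClient set"
                for d in onion_services_without_auth(torrc_text)]
    if password_auth_enabled(sshd_text):
        findings.append("sshd: PasswordAuthentication is not set to 'no'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_TORRC, SAMPLE_SSHD)))
```

HiddenServiceAuthorizeClient and HidServAuth are the options for the v2 onion services in use when this message was written; v3 onion services configure client authorization differently.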