Hi,
I have set up port forwarding on my router in the hopes of being able to ssh into my machine while I'm away from home. I have configured my computer to have a static local IP address and I have also configured DDNS on my router, meaning I am able to ssh into the machine via
ssh -p <forwarded-port> <username>@<ddns-username>.<ddns-host>.com
I did some research and found out about the dangers of having a port open to the public and have since looked into sshguard as an option to help make the port more secure (I have disabled the port in the meantime). I am having issues getting sshguard working with systemd because it does not seem to listen to the logs that are being recorded.
Can someone please give me some help configuring sshguard to work with systemd? I have followed the wiki page https://wiki.archlinux.org/index.php/sshguard down to the point of "In Arch Linux", at which point I stopped following because it was marked as out of date.
Also, are there any more suggestions for making remote ssh access more secure?
Thanks,
James
It is now in community and (I believe) is configured to work out of the box. It works like a charm on this computer. It is now started from a service and includes all the systemd hooks.
As to other suggestions, I used to use fail2ban. I migrated to sshguard because it is faster and integrates with systemd. Also, I did not need to protect services besides ssh.
To be really secure, turn off password login and require public key pairs.
Edit: Typo
Last edited by ewaller (2014-01-23 14:14:12)
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
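The advice above to turn off password login and require key pairs can be checked against what the daemon will actually apply. This is an added example, not part of the original posts: it assumes the settings arrive in the `keyword value` form that `sshd -T` prints, and the function and sample names are made up for illustration.

```shell
#!/bin/sh
# Audit sshd settings given as "keyword value" lines (the format of `sshd -T`).
# Returns 0 only if password-style logins are off and public-key login is on.
audit_sshd() {
    awk '
        { key = tolower($1); val = tolower($2) }
        # Keep the first value seen for a keyword, as sshd itself does.
        !(key in seen) { seen[key] = val }
        END {
            bad = 0
            bad += expect("passwordauthentication", "no")
            bad += expect("pubkeyauthentication", "yes")
            # Keyboard-interactive (PAM) can still prompt for a password.
            # Older OpenSSH reports it as challengeresponseauthentication.
            kbd = ("kbdinteractiveauthentication" in seen) \
                ? "kbdinteractiveauthentication" \
                : "challengeresponseauthentication"
            bad += expect(kbd, "no")
            exit (bad > 0)
        }
        function expect(k, want) {
            if (!(k in seen)) { print "MISSING " k " (want " want ")"; return 1 }
            if (seen[k] != want) {
                print "FAIL " k " " seen[k] " (want " want ")"
                return 1
            }
            print "ok " k " " seen[k]
            return 0
        }
    '
}

# Constructed sample: a host that still accepts passwords.
sample_weak() {
    printf '%s\n' 'port 22' 'passwordauthentication yes' \
        'kbdinteractiveauthentication no' 'pubkeyauthentication yes'
}

# Constructed sample: a key-only host.
sample_hardened() {
    printf '%s\n' 'port 22' 'passwordauthentication no' \
        'kbdinteractiveauthentication no' 'pubkeyauthentication yes'
}

sample_weak | audit_sshd || echo "password logins are still possible"
sample_hardened | audit_sshd && echo "key-only login confirmed"
```

On a real machine the input would come from `sshd -T | audit_sshd`, run as root after editing sshd_config and before re-enabling the forwarded port.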
The sshguard package that is provided in [community] actually runs a script in the service file (/usr/lib/systemd/scripts/sshguard-journalctl). So there is nothing you need to do to configure this to work with systemd.
I think it would be rather silly to ship this package with it only set to support syslog when systemd and its journal are the default in Arch...
Edit: Oh, I see that fail2ban does indeed do just that. On second thought, I guess since syslog-ng is in the repos, this is not such a crazy thing.
Last edited by WonderWoofy (2014-01-23 06:27:53)