As you know, I love two-factor authentication (2FA). Now the time has come to secure SSH with 2FA on all our Ubuntu servers.
I recently noticed that the bandwidth usage on VBOX4 had increased slightly. Apart from the spikes that come when the server is doing its nightly offsite backup, there was also an average increase in bandwidth usage. In an ideal world, that would be caused by the success of my Facebook antics, but I’ve got Piwik stats that say otherwise.
Now, a slight bandwidth increase that lasts for a few days isn’t uncommon. Google sometimes finds it necessary to index the entire site. But I’m a curious little nerd, and with the help of netstat I checked incoming connections. It showed a Chinese IP address trying to connect to poor VBOX4 via SSH. That isn’t necessarily a reason to panic either. If you have a computer connected to the internet, there will be bots trying to connect to various services around the clock. For my own convenience, I’ve got SSH running on the standard port, 22, which makes it a prime target for that kind of shenanigans.
Moving it away from the standard port could be an option. But security by obscurity isn’t really security IMHO. Sure, it makes things a little bit harder. But there are only 65,535 ports to choose from, and if a bot wants to find your SSH port, it will find it eventually. Port knocking might be a better scheme if you want to hide your doors.
Or, you can hire a kick-ass doorman! That’s what we’re going to do with 2FA.