How to make eve-ng more secure on ssh?

Moderator: mike

Post Reply
newabc
Posts: 8
Joined: Sun May 27, 2018 1:03 am

How to make eve-ng more secure on ssh?

Post by newabc » Sun May 05, 2019 11:16 pm

Dear all,

At the beginning after the moment that eve-ng was just installed, I tried to set the sshd port other than 22 and deny the remote login of root. The root password is also changed to some symbols like "!" or "%". But I failed to open the wireshark to capture packets from the pipe from plink, even I changed the wireshark_wrapper.bat with new username and password and added "-P port_number" to plink.

Of cause, if I change the user in wireshark_wrapper.bat to root, sshd port to 22 and root password to lowercase, uppercase characters and numbers, I will successfully make wireshark capture the packets.

Of cause, I already configured the firewall of eve-ng.

Thanks at first.

Uldis (UD)
Posts: 2582
Joined: Wed Mar 15, 2017 4:44 pm
Location: London
Contact:

Re: How to make eve-ng more secure on ssh?

Post by Uldis (UD) » Mon May 06, 2019 4:46 am

from old unl days I have one dock, when we secured wireshark sessions with keys
and not a password.
But dont ask more about it.
We do not support it anymore.

Uldis
You do not have the required permissions to view the files attached to this post.

newabc
Posts: 8
Joined: Sun May 27, 2018 1:03 am

Re: How to make eve-ng more secure on ssh?

Post by newabc » Tue May 07, 2019 11:42 pm

Thanks, UD.

It is a good idea to setup a sudoer for wireshark to run tcpdump only.

Post Reply