Page 1 of 1

How to make eve-ng more secure on ssh?

Posted: Sun May 05, 2019 11:16 pm
by newabc
Dear all,

At the beginning after the moment that eve-ng was just installed, I tried to set the sshd port other than 22 and deny the remote login of root. The root password is also changed to some symbols like "!" or "%". But I failed to open the wireshark to capture packets from the pipe from plink, even I changed the wireshark_wrapper.bat with new username and password and added "-P port_number" to plink.

Of cause, if I change the user in wireshark_wrapper.bat to root, sshd port to 22 and root password to lowercase, uppercase characters and numbers, I will successfully make wireshark capture the packets.

Of cause, I already configured the firewall of eve-ng.

Thanks at first.

Re: How to make eve-ng more secure on ssh?

Posted: Mon May 06, 2019 4:46 am
by Uldis (UD)
from old unl days I have one dock, when we secured wireshark sessions with keys
and not a password.
But dont ask more about it.
We do not support it anymore.

Uldis

Re: How to make eve-ng more secure on ssh?

Posted: Tue May 07, 2019 11:42 pm
by newabc
Thanks, UD.

It is a good idea to setup a sudoer for wireshark to run tcpdump only.