I am a Linux system admin, and I log in to every system on my local network. I don't want my IP to show up via the who command. For example, if someone enters:
$ who
it reveals my IP. Is there any way to hide my IP from the who Linux command?
[EDIT by chrips]
This is important for those concerned with their personal utility servers being hacked! Obviously, you would want to hide your current home IP from an attacker lest they find a vector on you!
Most simply you could make the utmp log files non-world readable. This is even mentioned in the utmp man page:
Unlike various other systems, where utmp logging can be disabled by removing the file, utmp must always exist on Linux. If you want to disable who(1) then do not make utmp world readable.
like this:
sudo chmod go-r /var/log/wtmp /var/run/utmp
who # shows nothing, not even an error!
sudo who # still works for root
rudi :0 2017-04-18 19:08 (console)
So this would disable who completely, not only skip IP addresses.
Another idea (maybe a bit silly) to hide only the IPs could be to let your ssh server listen on another port (1234) and on localhost only. Then run a "proxy" (socat, netcat) to forward from public_ip:22 to localhost:1234:
Change the ssh server config, /etc/ssh/sshd_config:
# listen on the alternate port, reachable only from the local proxy
Port 1234
ListenAddress 127.0.0.1
Run a proxy on the ssh server machine:
socat TCP-LISTEN:22,fork TCP:localhost:1234
Now all utmp logs (who, last) will show the same and useless localhost IP.
Note that your users could maybe still see the real connections via netstat. Instead of the userspace proxy (socat) you could also set up iptables NAT and MASQUERADING rules for the incoming ssh traffic. Or you could always use an extra "ssh hop" to always log in from the same IP. This is left as an exercise for the reader. ;)
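To check either approach from the answer above, this added example (not part of the original answer) reads a utmp-format file the way who does and reports whether group/others can read it and which sessions still record a non-local origin. It assumes the 384-byte glibc record layout used on x86-64; the function names and the sample records are constructed for illustration.

```python
import ipaddress, os, stat, struct, tempfile

# glibc utmp record on Linux x86-64 (384 bytes), fields per utmp(5):
# ut_type, ut_pid, ut_line, ut_id, ut_user, ut_host, exit status, session, tv, addr
UTMP = struct.Struct("<h2xi32s4s32s256shhiii16s20x")
USER_PROCESS = 7  # ut_type of an active login session

def _s(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def is_local(host):
    """True for empty hosts, X displays (":0"), 'localhost' and loopback IPs."""
    if host in ("", "localhost") or (host.startswith(":") and host[1:2].isdigit()):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname: still identifies the origin

def audit(path):
    """Return (readable_by_group_or_others, [(user, line, host), ...] non-local)."""
    exposed = bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))
    found = []
    with open(path, "rb") as f:
        while len(rec := f.read(UTMP.size)) == UTMP.size:
            fields = UTMP.unpack(rec)
            user, line, host = _s(fields[4]), _s(fields[2]), _s(fields[5])
            if fields[0] == USER_PROCESS and not is_local(host):
                found.append((user, line, host))
    return exposed, found

def sample_file(mode):
    """Write constructed records (not real logins) to a temp file with `mode`."""
    def rec(line, user, host):
        return UTMP.pack(USER_PROCESS, 4242, line, b"", user, host, 0, 0, 0, 0, 0, b"")
    data = (rec(b"pts/0", b"rudi", b"203.0.113.7")   # direct ssh login
            + rec(b"pts/1", b"rudi", b"127.0.0.1")   # login through the local proxy
            + rec(b":0", b"rudi", b":0"))            # console session
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for p in ("/var/run/utmp", "/var/log/wtmp"):
        if os.path.exists(p):
            print(p, audit(p))
```

Run it as root on the server: after the chmod the first value should be False, and once logins arrive through the proxy the list of non-local sessions should stay empty.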