LinuxQuestions.org
Old 10-26-2005, 12:35 PM   #1
Jorek
Member
 
Registered: Sep 2005
Distribution: Slackware 13.1
Posts: 65

Rep: Reputation: 16
SSH Server - How and how safe?


Lately, I have thought of maybe setting up an SSH server on my computer.
I'm currently using Slackware 10.1, and am planning to use the included OpenSSH (daemon), but I have a few questions:

1. I have googled a bit, and figured out that I only need to modify my
/etc/sshd/sshd_config to something like this (short version of the conf file):

Code:
Protocol 2
PermitRootLogin no
MaxAuthTries 2
LoginGraceTime 30
PermitEmptyPasswords no
MaxStartups 1
AllowUsers username

And then restart SSHD with: "service sshd restart".
Can I log into my computer remotely using SSH now?
Is this correct? In other words, is this all there is to it?

2. How safe is it to have an SSH daemon/server running?
Is it easy to get cracked by a cracker? Something to keep in mind when running an SSH server to be safe from crackers?

PS: I didn't actually quite know where to submit this thread (Security, Network, Software), but I thought that this was the most correct place to put it. So if any of you admins feel like moving it, please do.

Thanks in advance,
. : JoRek : .
 
Old 10-26-2005, 01:03 PM   #2
Dudydoo
Member
 
Registered: Sep 2003
Location: UK
Distribution: I use 'em all ;-)
Posts: 275

Rep: Reputation: 38
Re: SSH Server - How and how safe?

Quote:
Originally posted by Jorek

1. I have googled a bit, and figured out that I only need to modify my
/etc/sshd/sshd_config to something like this (short version of the conf file):

Code:
Protocol 2
PermitRootLogin no
MaxAuthTries 2
LoginGraceTime 30
PermitEmptyPasswords no
MaxStartups 1
AllowUsers username

And then restart SSHD with: "service sshd restart".
Can I log into my computer remotely using SSH now?
Is this correct? In other words, is this all there is to it?

Looks good to me, all you have to do on Slackware is run '/etc/init.d/sshd start' ('/sbin/service' is only available in RedHat/Fedora AFAIK).

You can type 'ps ax | grep sshd' to check that the daemon is running.

Make sure that your firewall is not blocking the port (if you have one running) - run '/sbin/iptables -L' to see (port 22 by default).

Try ssh'ing in from another box to see if it works.

If it is blocked by the firewall type '/sbin/iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT'

Quote:
2. How safe is it to have an SSH daemon/server running?
Is it easy to get cracked by a cracker? Something to keep in mind when running an SSH server to be safe from crackers?

It is generally very safe providing you have done 2 things to mitigate most chance of attacks:

1. Disallow root logins (which you have done in your config). To gain root access it's much safer to login as a normal user and 'su' to root.

2. Make sure any users that are allowed to login have good strong passwords - alphanumeric with meta characters, minimum length 6-8 characters, etc. And make sure no users on the system have empty passwords.

Of course, the best way to handle authentication is by using the RSA/DSA keys.
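
Added example, not part of the original posts: a shell check of the settings discussed above (root login, empty passwords, password versus key authentication). It reports the value sshd would actually use, since sshd_config keywords are case-insensitive and the first occurrence of a keyword wins; the function names and the sample file are constructed for illustration, and a single config file without Include is assumed.

```sh
#!/bin/sh
# effective_value FILE KEYWORD
# Print the value sshd would use for KEYWORD: keywords are matched
# case-insensitively and the first occurrence wins. Parsing stops at the
# first Match line, since settings below it apply only conditionally.
effective_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "(unset)" }
    ' "$1"
}

# audit_sshd_config FILE
# Print one WEAK line per setting that differs from the thread's advice;
# return 1 if anything was reported. An unset keyword is reported too,
# because its default depends on the OpenSSH version installed.
audit_sshd_config() {
    rc=0
    for pair in PermitRootLogin=no PermitEmptyPasswords=no \
                PasswordAuthentication=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(effective_value "$1" "$key")
        [ "$got" = "$want" ] && continue
        echo "WEAK $key: effective value '$got', wanted '$want'"
        rc=1
    done
    return $rc
}

# Constructed sample: hardening lines appended below a stock setting.
sample_config() {
    cat <<'EOF'
Protocol 2
permitrootlogin yes
# hardening added at the end of the file
PermitRootLogin no
MaxAuthTries 2
PermitEmptyPasswords no
AllowUsers username
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd_config "$tmp" || true
rm -f "$tmp"
```

On the sample, the later "PermitRootLogin no" is reported as ineffective because the earlier line wins, and PasswordAuthentication is reported as unset.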
 
Old 10-26-2005, 03:22 PM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,790
Blog Entries: 1

Rep: Reputation: 414
Quote:
How safe is it to have an SSH daemon/server running?
Is it easy to get cracked by a cracker? Something to keep in mind when running an SSH server to be safe from crackers?

As long as you keep the SSH server up to date, you should be fine. Check your favorite Slackware mirror for the latest packages. SSH has a long track record of being secure. However, there is a brute force attack script out in the wild and you will see numerous attempts to force a username/password combo. If you go to key based authentication and disallow username/passwords, then the attack is a mere annoyance. If you want to stick with usernames and passwords, make sure they are not obvious.

If you feel like fiddling with your firewall a bit, sshblack is a Perl program that will monitor log files for ssh mischief and modify the firewall to drop the attackers.
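
Added example, not part of the original post and not sshblack's code: the log-watching idea in shell, counting failed password attempts per source address in sshd log lines. The log lines are constructed samples in OpenSSH's usual format, the function names are hypothetical, and the address is read from the fixed tail of each line because the username field is free text supplied by the remote side.

```sh
#!/bin/sh
# Constructed sample lines in the format OpenSSH logs password attempts.
sample_log() {
    cat <<'EOF'
Oct 26 15:01:02 box sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Oct 26 15:01:04 box sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40150 ssh2
Oct 26 15:01:07 box sshd[2105]: Failed password for root from 203.0.113.7 port 40188 ssh2
Oct 26 15:01:09 box sshd[2107]: Failed password for invalid user guest from 203.0.113.7 port 40201 ssh2
Oct 26 15:02:10 box sshd[2110]: Failed password for username from 192.0.2.44 port 51022 ssh2
Oct 26 15:02:19 box sshd[2110]: Accepted password for username from 192.0.2.44 port 51022 ssh2
Oct 26 15:03:00 box sshd[2120]: Failed password for invalid user oracle from 198.51.100.9 port 3320 ssh2
Oct 26 15:03:02 box sshd[2122]: Failed password for invalid user db admin from 198.51.100.9 port 3321 ssh2
Oct 26 15:03:05 box sshd[2124]: Failed password for root from 198.51.100.9 port 3322 ssh2
EOF
}

# failed_by_source MIN   (log on stdin)
# Print "COUNT ADDRESS" for every source with at least MIN failed
# password attempts, busiest first. Fields are counted from the end of
# the line ("from ADDRESS port N ssh2"), so a username containing spaces
# does not shift the address into the wrong column.
failed_by_source() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

# Sources with three or more failures in the sample.
sample_log | failed_by_source 3
```

The output is a list to review or feed to a firewall rule; with key-based authentication only, as suggested above, these attempts cannot succeed and the list is mainly useful for keeping the logs quiet.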
 
Old 10-26-2005, 03:47 PM   #4
Jorek
Member
 
Registered: Sep 2005
Distribution: Slackware 13.1
Posts: 65

Original Poster
Rep: Reputation: 16
Thanks for the replies! Now I got an SSH server up and running *Proud*
Until now, I have only connected to the SSH server using a computer within my local network, using the internal IP (given by my router) address on the server:
ssh username@ipaddress
How can I log into my server through the internet? (Like from school, work, my friends, etc.)
Since I've got like 4 other computers running in the same LAN, but only one external IP, how can I specify that I want to log into one of the four?

---Internet-connection--->Router---<4 computers

Hmm, I hope this thread made sense, I am a bit tired now you see...

Last edited by Jorek; 10-26-2005 at 03:50 PM.
 
Old 10-26-2005, 03:52 PM   #5
Dudydoo
Member
 
Registered: Sep 2003
Location: UK
Distribution: I use 'em all ;-)
Posts: 275

Rep: Reputation: 38
Your router web configuration interface should have an option called 'Port Forwarding'.

All you have to do is type in the IP address of your computer that's running the SSH server, and the start and end port numbers as 22.

e.g.

IP Address     Start Port   End Port
====================================
192.168.0.2    22           22

Save changes and you should be away!
 
Old 10-26-2005, 04:08 PM   #6
Jorek
Member
 
Registered: Sep 2005
Distribution: Slackware 13.1
Posts: 65

Original Poster
Rep: Reputation: 16
Ok, so after doing what you described in the thread above, I can connect to the SSH server by typing:
ssh username@externalIP
And then the router takes care of the rest?

BTW: Do I have to use port 22?
 
Old 10-26-2005, 04:41 PM   #7
fataldata
Member
 
Registered: Jun 2002
Location: Breckenridge, Colorado
Distribution: Ubuntu Hardy 8.04
Posts: 101

Rep: Reputation: 15
You do not have to use port 22 and I would not. Either do port forwarding in your router, i.e. forward external port 1234 to internal port 22, or just change the port in the sshd_config. Then when you login via command line you will need to ssh -p 1234 username@IPaddress

I have found that when I used the default port (22) on my network it would get scanned a lot.

Quote:
Originally posted by Jorek
Ok, so after doing what you described in the thread above, I can connect to the SSH server by typing:
ssh username@externalIP
And then the router takes care of the rest?

BTW: Do I have to use port 22?
 
Old 10-27-2005, 09:53 AM   #8
Jorek
Member
 
Registered: Sep 2005
Distribution: Slackware 13.1
Posts: 65

Original Poster
Rep: Reputation: 16
Oki, thanks for all replies.
One last question:

Is port 22 used by any other protocols or services?
If I port forward port 22 (using my router) to my server, will ALL traffic that seeks port 22 go to my server?
 
Old 10-27-2005, 02:13 PM   #9
Dudydoo
Member
 
Registered: Sep 2003
Location: UK
Distribution: I use 'em all ;-)
Posts: 275

Rep: Reputation: 38
Yes. All traffic on port 22 will go to your server, as port 22 is reserved for SSH (although you could run any service you like on port 22 if you configure it to).
 
Old 10-27-2005, 05:12 PM   #10
Jorek
Member
 
Registered: Sep 2005
Distribution: Slackware 13.1
Posts: 65

Original Poster
Rep: Reputation: 16
Thank you, your help has been very useful
 
  

