Can hackers easily break regular SSH servers (config with no root access)?
SSH is as strong as the password you use it with. It can be broken by 'brute force' attacks, but generally, the ssh-server will deny any logins after 3 failed attempts for a specified timeframe. That buys you time, but not safety. However, most crackers (hackers do things to prove something, crackers to make money or other evil stuff) don't want to spend hours trying to crack some ssh entry. Overall, using ssh is safe, as VPNs and such are based on ssh too.
SSH that isn't watched closely is a probable target, since it's likely a hacker can spend a bit of time toying with it to crack the password. SSH configured for certificates is more secure (harder to "crack" a certificate than a password), but if a hacker managed to get the certificate...you get the picture.
The purpose of SSH is to allow an administrator remote access to a machine to run commands. Unfortunately, the same functionality is exposed to hackers...and as Dutch Master pointed out, brute force will *always* find the right key given enough time...so the question is not "can it be done", but rather "am I willing to watch closely and monitor SSH to shut down crack attempts before they get out of hand?"
I'm not 100% sure I understood your last post, but if I read it correctly, you're asking if fail2ban and a proper sshd config would help? Certainly! I've not much experience with fail2ban, but my understanding is that it "listens" for brute force attempts and injects iptables rules to block those ip addresses. As Dutch Master posted earlier, this is just buying you time, not complete protection.
As for sshd config, keep in mind that turning off root access does NOT protect you from a user in the wheel group using su (or sudo for sudoers). The good thing about turning off root is that now the hacker must guess 2 items instead of 1: the password AND the username. Theoretically it'd take longer to "crack" both the username and the password that matches that username. It has nothing to do with root access (though that part helps haha).