10-26-2005, 12:35 PM
|
#1
|
Member
Registered: Sep 2005
Distribution: Slackware 13.1
Posts: 65
Rep:
|
SSH Server - How and how safe?
Lately, I have thought of maybe setting up an SSH server on my computer.
I'm currently using Slackware 10.1, and am planning to use the included OpenSSH (daemon), but I have a few questions:
1. I have googled a bit, and figured out that I only need to modify my
/etc/sshd/sshd_config to something like this (short version of the conf file):
Code:
Protocol 2
PermitRootLogin no
MaxAuthTries 2
LoginGraceTime 30
PermitEmptyPasswords no
MaxStartups 1
AllowUsers username
And then restart SSHD with: "service sshd restart".
Can I log into my computer remotely using SSH now?
Is this correct? In other words, is this all there is to it?
2. How safe is it to have an SSH daemon/server running?
Is it easy to get cracked by a cracker? Something to keep in mind when running an SSH server to be safe from crackers?
PS: I didn't actually quite know where to submit this thread (Security, Network, Software), but I thought that this was the most correct place to put it. So if any of you admins feel like moving it, plz do
Thanks in advance,
. : JoRek : .

|
|
|
10-26-2005, 01:03 PM
|
#2
|
Member
Registered: Sep 2003
Location: UK
Distribution: I use 'em all ;-)
Posts: 275
Rep:
|
Re: SSH Server - How and how safe?
Quote:
Originally posted by Jorek
1. I have googled a bit, and figured out that I only need to modify my
/etc/sshd/sshd_config to something like this (short version of the conf file):
Code:
Protocol 2
PermitRootLogin no
MaxAuthTries 2
LoginGraceTime 30
PermitEmptyPasswords no
MaxStartups 1
AllowUsers username
And then restart SSHD with: "service sshd restart".
Can I log into my computer remotely using SSH now?
Is this correct? In other words, is this all there is to it?
|
Looks good to me, all you have to do on Slackware is run '/etc/init.d/sshd start' ('/sbin/service' is only available in RedHat/Fedora AFAIK)
You can type 'ps ax | grep sshd' to check that the daemon is running.
Make sure that your firewall is not blocking the port (if you have one running) - run '/sbin/iptables -L' to see (port 22 by default).
Try ssh'ing in from another box to see if it works.
If it is blocked by the firewall, type '/sbin/iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT'
Quote:
2. How safe is it to have an SSH daemon/server running?
Is it easy to get cracked by a cracker? Something to keep in mind when running an SSH server to be safe from crackers?
|
It is generally very safe providing you have done 2 things to mitigate most chance of attacks:
1. Disallow root logins (which you have done in your config). To gain root access it's much safer to login as a normal user and 'su' to root.
2. Make sure any users that are allowed to login have good strong passwords - alphanumeric with meta characters, minimum length 6-8 characters, etc. And make sure no users on the system have empty passwords.
Of course, the best way to handle authentication is by using the RSA/DSA keys.
|
|
|
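The advice in the reply above (no root logins, no empty passwords, keys rather than passwords) can be checked against a config file. This is an added example, not part of the original posts; the function names are hypothetical, and the value assumed for an absent keyword is the OpenSSH default of the thread's era.

```sh
#!/bin/sh
# Added example: audit an sshd_config against the advice in this thread.

# Print the effective value of a keyword. sshd takes the first occurrence,
# keywords are case-insensitive, and lines starting with '#' are comments.
# Only the whitespace-separated "Keyword value" form is handled here.
sshd_value() {  # $1 = config file, $2 = keyword, $3 = value assumed when unset
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one WEAK line per setting that differs from the wanted value.
# Table columns: keyword|assumed default (check man sshd_config)|wanted|reason
audit_sshd_config() {  # $1 = config file; status 0 only when nothing is flagged
    findings=0
    while IFS='|' read -r key def want why; do
        got=$(sshd_value "$1" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "WEAK $key is '$got', want '$want' ($why)"
            findings=$((findings + 1))
        fi
    done <<'EOF'
PermitRootLogin|yes|no|log in as a normal user, then su
PermitEmptyPasswords|no|no|no account may log in without a password
PasswordAuthentication|yes|no|key-only logins defeat password guessing
PubkeyAuthentication|yes|yes|required for RSA/DSA key logins
EOF
    [ "$findings" -eq 0 ]
}

# Constructed sample: the configuration quoted in the first post.
sample_config() {
    cat <<'EOF'
Protocol 2
PermitRootLogin no
MaxAuthTries 2
LoginGraceTime 30
PermitEmptyPasswords no
MaxStartups 1
AllowUsers username
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "$findings setting(s) to review"
rm -f "$tmp"
```

On the posted configuration the only finding is PasswordAuthentication, which is not set and therefore still enabled.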
10-26-2005, 03:22 PM
|
#3
|
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
|
Quote:
How safe is it to have an SSH daemon/server running?
Is it easy to get cracked by a cracker? Something to keep in mind when running an SSH server to be safe from crackers?
|
As long as you keep the SSH server up to date, you should be fine. Check your favorite Slackware mirror for the latest packages. SSH has a long track record of being secure. However, there is a brute force attack script out in the wild and you will see numerous attempts to force a username/password combo. If you go to key based authentication and disallow username/passwords, then the attack is a mere annoyance. If you want to stick with usernames and passwords, make sure they are not obvious.
If you feel like fiddling with your firewall a bit, sshblack is a Perl program that will monitor log files for ssh mischief and modify the firewall to drop the attackers.
|
|
|
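The log-watching approach mentioned in the reply above can be sketched as follows. This is an added example, not sshblack's code and not part of the original posts; the function names, the threshold and the sample log lines are constructed, and the rules are printed for review rather than applied.

```sh
#!/bin/sh
# Added example: count failed SSH password logins per source address.

# Print "IP count" for every source with at least $1 failed passwords.
# Fields are read from the right-hand end of the line because the user name
# is chosen by the client and may itself contain " from 1.2.3.4".
ssh_offenders() {  # $1 = threshold; syslog lines on stdin
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$(NF-3)]++ }
        END { for (ip in hits) if (hits[ip] >= min) print ip, hits[ip] }
    ' | sort
}

# Turn offenders into firewall rules; printed for review, not executed.
drop_rules() {  # "IP count" lines on stdin
    while read -r ip count; do
        echo "/sbin/iptables -I INPUT -p tcp -s $ip --dport 22 -j DROP"
    done
}

# Constructed sample log (documentation address ranges).
sample_log() {
    cat <<'EOF'
Oct 26 15:01:02 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Oct 26 15:01:04 box sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40118 ssh2
Oct 26 15:01:07 box sshd[2105]: Failed password for root from 203.0.113.5 port 40125 ssh2
Oct 26 15:03:11 box sshd[2110]: Failed password for username from 198.51.100.7 port 51514 ssh2
Oct 26 15:03:20 box sshd[2110]: Accepted password for username from 198.51.100.7 port 51514 ssh2
Oct 26 15:05:42 box sshd[2120]: Failed password for invalid user x from 192.0.2.9 from 203.0.113.77 port 40200 ssh2
EOF
}

sample_log | ssh_offenders 3 | drop_rules
```

The last sample line carries a user name containing " from 192.0.2.9"; reading the address from the right keeps that forged address out of the block list, and the single mistyped password from 198.51.100.7 stays under the threshold.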
10-26-2005, 03:47 PM
|
#4
|
Member
Registered: Sep 2005
Distribution: Slackware 13.1
Posts: 65
Original Poster
Rep:
|
Thanks for the replies! Now I got an SSH server up and running  *Proud*
Until now, I have only connected to the SSH server using a computer within my local network, using the internal IP (given by my router) address on the server:
ssh username@ipaddress
How can I log into my server through the internet? (Like from school, work, my friends etc.)
Since I've got like 4 other computers running in the same LAN, but only one external IP, how can I specify that I want to log into one of the four?
---Internet-connection--->Router---<4 computers
Hmm, I hope this thread made sense, I am a bit tired now you see...
Last edited by Jorek; 10-26-2005 at 03:50 PM.
|
|
|
10-26-2005, 03:52 PM
|
#5
|
Member
Registered: Sep 2003
Location: UK
Distribution: I use 'em all ;-)
Posts: 275
Rep:
|
Your router web configuration interface should have an option called 'Port Forwarding'.
All you have to do is type in the IP address of your computer that's running the SSH server, and the start and end port numbers as 22.
e.g.
IP Address     Start Port   End Port
====================================
192.168.0.2    22           22
Save changes and you should be away!
|
|
|
10-26-2005, 04:08 PM
|
#6
|
Member
Registered: Sep 2005
Distribution: Slackware 13.1
Posts: 65
Original Poster
Rep:
|
Ok, so after doing what you described in the thread above, I can connect to the SSH server by typing:
ssh username@externalIP
And then the router takes care of the rest?
BTW: Do I have to use port 22?
|
|
|
10-26-2005, 04:41 PM
|
#7
|
Member
Registered: Jun 2002
Location: Breckenridge, Colorado
Distribution: Ubuntu Hardy 8.04
Posts: 101
Rep:
|
You do not have to use port 22 and I would not. Either do port forwarding in your router, i.e. forward external port 1234 to internal port 22, or just change the port in the sshd_config. Then when you log in via command line you will need to ssh -p 1234 username@IPaddress
I have found that when I used the default port (22) on my network it would get scanned a lot.
Quote:
Originally posted by Jorek
Ok, so after doing what you described in the thread above, I can connect to the SSH server by typing:
ssh username@externalIP
And then the router takes care of the rest?
BTW: Do I have to use port 22?
|
|
|
|
10-27-2005, 09:53 AM
|
#8
|
Member
Registered: Sep 2005
Distribution: Slackware 13.1
Posts: 65
Original Poster
Rep:
|
Oki, thanks for all replies.
One last question:
Is port 22 used by any other protocols or services?
If I port forward port 22 (using my router) to my server, will ALL traffic that seeks port 22 go to my server?
|
|
|
10-27-2005, 02:13 PM
|
#9
|
Member
Registered: Sep 2003
Location: UK
Distribution: I use 'em all ;-)
Posts: 275
Rep:
|
Yes. All traffic on port 22 will go to your server, as port 22 is reserved for SSH (although you could run any service you like on port 22 if you configure it to).
|
|
|
10-27-2005, 05:12 PM
|
#10
|
Member
Registered: Sep 2005
Distribution: Slackware 13.1
Posts: 65
Original Poster
Rep:
|
Thank you, your help has been very useful 
|
|
|
All times are GMT -5.