LinuxQuestions.org
Old 11-22-2005, 02:03 AM   #1
AvatarofVirgo
Member
 
Registered: Dec 2004
Posts: 50

Rep: Reputation: 15
How Secure is SSH?


I've allowed SSH through my firewall and nothing else. I'm also running SUSE 10. I was just wondering, how hard would it be for a remote user to crack SSH? I was debating blocking SSH as well.

And also, do I really need SSH and SMTP (postfix) for anything? If not then I'll just turn those services off.

But my initial question for this thread is, how hard is it to crack SSH? I have no interest in cracking people's computers but I would be interested in learning how, for strictly educational purposes.
 
Old 11-22-2005, 03:56 AM   #2
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 51
If you have accounts with common usernames and weak passwords, then it is easy to gain access by guessing. If you have strong passwords, it is very difficult to guess the password by brute force. I suggest you disallow root login via SSH, since root is often attacked, and root access can be otherwise gained after login to another account. For more security, you can disable password logins and instead use public keys (much more secure) to log in from trusted computers.
 
Old 11-22-2005, 04:12 AM   #3
Razze
Member
 
Registered: Dec 2004
Location: Espoo, Finland
Distribution: Gentoo, 2.6.16-gentoo-r11
Posts: 108

Rep: Reputation: 15
From what I have understood SSH is as secure as the weakest user-password combination that is allowed to connect to the system. The SSH server itself should be more or less impossible to crack.

If you don't plan to access (or let anybody else for that matter) your system remotely you can shut down the SSH server.
 
Old 11-22-2005, 11:07 AM   #4
doublejoon
Member
 
Registered: Oct 2003
Location: King George, VA
Distribution: RHEL/CentOS/Scientific/Fedora, LinuxMint
Posts: 370

Rep: Reputation: 44
Also, if you are going to use SSH through the firewall, in your /etc/ssh/sshd_config file:

Protocol 2
PermitRootLogin no

Also maybe implement private/public RSA key authentication for your SSH logins instead of using passwords.
 
Old 11-22-2005, 11:23 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,610
Blog Entries: 4

Rep: Reputation: 3905
(1) If you don't have a clearly-defined need for ssh or any other service, turn the service off until you do.

(2) Functionally, ssh is still "a shell", and if you allow anyone to connect to it and demand from them no more than a simple username/password (as is the default), it's just as good to them as if they were using rsh or had walked into your office wearing an invisibility cloak.

(3) If you intend to use ssh to allow yourself remote access to your machine, always set it up to use digital certificates as the primary means of authentication. The documentation is plentiful and it's easy to do. Now, in order to even attempt to connect, the user is required to possess a valid certificate... which should be password protected. Users who cannot present that "identification badge" are turned away, having been given no opportunity to enter a password of any sort.

(3a) Digital certificates, used in this way, do not cost money: you generate them and sign them yourself.

(4) No one realistically breaks into a cryptosystem by brute-forcing the key. They attack the key-management system... or the lack thereof. Notice that, while SSH encrypts the traffic that it sends, it (by default) allows anyone, anywhere to "have a try at a user/pass," and if they guess right it lets them right in! But, if you use digital certificates, the strong cryptography is used twice: not only to encrypt the traffic, as before, but to provide an impregnable and irrefutable form of user authentication.
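
Point (4) above, seen from the server's own logs: this added example (not part of the thread) counts password guesses per source address and flags a source whose guessing was followed by a successful password login. It assumes OpenSSH's usual syslog wording ("Failed password for ... from IP port N ssh2"); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find sources that guess passwords, and guesses that ended in a login.
# Input: sshd syslog lines on stdin. Output: "ip failures distinct_users verdict", sorted.
# The user name is attacker-controlled text, so fields are read from the END of the
# line ("... from IP port N ssh2"), not by searching for the first "from".
detect_guessing() {
    awk -v min="$1" '
        function tail_ok() { return NF >= 6 && $(NF-2) == "port" && $(NF-4) == "from" }
        /sshd.*: Failed password for / && tail_ok() {
            ip = $(NF-3); user = $(NF-5)
            fails[ip]++
            if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        }
        /sshd.*: Accepted password for / && tail_ok() {
            ip = $(NF-3)
            # only a login that follows at least "min" failures from the same source
            if ((ip in fails) && fails[ip] >= min) hit[ip] = 1
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min)
                    print ip, fails[ip], users[ip], ((ip in hit) ? "LOGIN-AFTER-FAILURES" : "failures-only")
        }
    ' | sort
}

# Constructed sample log lines (documentation address ranges, not real hosts).
sample_auth_log() {
    cat <<'EOF'
Nov 22 03:10:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Nov 22 03:10:03 host sshd[102]: Failed password for root from 203.0.113.7 port 40002 ssh2
Nov 22 03:10:05 host sshd[103]: Failed password for root from 203.0.113.7 port 40003 ssh2
Nov 22 03:10:07 host sshd[104]: Failed password for bill from 203.0.113.7 port 40004 ssh2
Nov 22 03:10:09 host sshd[105]: Accepted password for bill from 203.0.113.7 port 40005 ssh2
Nov 22 09:00:00 host sshd[200]: Failed password for bill from 198.51.100.9 port 50000 ssh2
Nov 22 09:00:07 host sshd[201]: Accepted password for bill from 198.51.100.9 port 50001 ssh2
EOF
}

# Report sources with at least 3 failed passwords.
sample_auth_log | detect_guessing 3
```

With password logins disabled and keys required, the "Failed password" lines stop appearing at all, which is itself a quick check that the change took effect.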
 
Old 12-15-2005, 04:10 AM   #6
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
I wrote a little script that will generate the key for you, then upload the key to the server you want; just hit Enter twice when it asks for a password. Once that is done, it will ask for the password only the first time you log in, and after that it should not ask for a password. You may find this useful:

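#!/bin/bash
# Generate a key pair (if NEWKEY is "yes") and append the public key to the
# server's ~/.ssh/authorized_keys2.
USER="bill"
ADDRESS="xxx.xxx.xxx.xxx"
PORT="22"
NEWKEY="yes"

if [ "$NEWKEY" = "yes" ]; then
    # DSA keys are disabled by default since OpenSSH 7.0; on current systems
    # use -t ed25519 (and ~/.ssh/id_ed25519) instead.
    ssh-keygen -t dsa -f ~/.ssh/id_dsa
fi

# Create ~/.ssh on the server if it is missing, append the key, and keep the
# directory and file private (sshd's StrictModes rejects lax permissions).
ssh -p "$PORT" "$USER@$ADDRESS" \
    'mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys2 && chmod 600 ~/.ssh/authorized_keys2' \
    < ~/.ssh/id_dsa.pub

exit 0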

You also need to allow this in the sshd.conf on the server:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys2

Last edited by fotoguy; 12-15-2005 at 04:50 PM.
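
The settings recommended across the posts above (no root login, keys instead of passwords), checked mechanically: this is an added example, not code from any poster. The function names, the "must be set explicitly" policy and the sample file are assumptions of the example; the first-value-wins and case-insensitive keyword behaviour is how sshd reads its configuration.

```shell
#!/bin/sh
# Added example: check sshd_config text against the settings recommended in this thread.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.

# effective_value KEYWORD FILE: print the first global value of KEYWORD, lowercased.
effective_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        NF == 0 || $1 ~ /^#/   { next }   # blank lines and comments
        tolower($1) == "match" { exit }   # Match blocks (per-user overrides) are not evaluated
        tolower($1) == want    { print tolower($2); exit }
    ' "$2"
}

# audit_sshd_config FILE: print one FAIL line per finding; return the number of findings.
# Policy (an assumption of this example): every setting must be set explicitly,
# because compiled-in defaults differ between OpenSSH versions.
audit_sshd_config() {
    findings=0
    while read -r key want; do
        got=$(effective_value "$key" "$1")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', got '${got:-unset}'"
            findings=$((findings + 1))
        fi
    done <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
    return "$findings"
}

# Constructed sample: root login is set twice, so only the first line ("yes") counts,
# and PasswordAuthentication is missing.
write_sample_config() {
    cat > "$1" <<'EOF'
Protocol 2
PermitRootLogin yes
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys2
EOF
}

tmp=$(mktemp) && write_sample_config "$tmp"
audit_sshd_config "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

On a live host, run `sshd -T` as root and save its output to a file to audit instead of the raw sshd_config; it prints the effective settings in the same "keyword value" form.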
 
Old 12-15-2005, 07:01 AM   #7
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Quote:
Originally Posted by sundialsvcs
(1) If you don't have a clearly-defined need for ssh or any other service, turn the service off until you do.
Completely true. A lot of computers have been hacked by ssh.
Still, remote computers need to have ssh enabled.
I know that some ISPs use this:
http://www.hsc.fr/ressources/breves/secretssh.html.en

It's a bit of security by obscurity, but it always adds a good layer for the script kiddiez.

Sorry, it is not in English, but Perl code is international.
 
Old 08-14-2011, 08:11 AM   #8
ingram87
LQ Newbie
 
Registered: Aug 2011
Posts: 9

Rep: Reputation: Disabled
It's this easy...

If you don't have good security, then it is this easy to crack SSH:

[LINK REMOVED BY MODERATOR]

A simple and easy to use tutorial explaining how to crack SSH using Hydra on Ubuntu

Last edited by win32sux; 08-14-2011 at 12:36 PM.
 
Old 08-14-2011, 12:37 PM   #9
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
ingram87, re-read the LQ Rules. Providing assistance with cracking isn't allowed.
 
  

