LinuxQuestions.org
Old 02-16-2006, 01:16 PM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Rep: Reputation: 77
Question About SSH


I use SSH from my work machine (FC3) to tunnel into my home server (Debian) and I was wondering if that is safe or if anyone from work can hack my work machine and see my files on my home PC (Debian)? I have lots of personal data and some directories have the usual not safe for work videos. Is SSH secure or are my worries a valid concern?
 
Old 02-16-2006, 01:59 PM   #2
Dudydoo
Member
 
Registered: Sep 2003
Location: UK
Distribution: I use 'em all ;-)
Posts: 275

Rep: Reputation: 38
Providing that your passwords are secure, it should be fine.

A more secure way is to use public/private key access for SSH.
 
Old 02-16-2006, 02:28 PM   #3
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
It is called Secure Shell. With strong passwords, you should be fine.
 
Old 02-16-2006, 05:44 PM   #4
zackarya
Member
 
Registered: Jul 2003
Distribution: OpenSuse 10, Debian
Posts: 152

Rep: Reputation: 30
Personally I use ssh and believe it to be safe. One thing I would suggest
(which you might already be doing) is to make sure you have a separate
dedicated machine running as a firewall (or at the very least a "software"
firewall). You can then limit access to a certain MAC address, IP, or
whatever. It could still be spoofed but would require more work and
knowledge. Just another layer on top of a good random passphrase.

Also, always check the logs.

Zackarya
 
Old 02-19-2006, 02:21 AM   #5
imemyself
Member
 
Registered: Feb 2004
Location: Wichita, KS
Distribution: CentOS 4, SuSE 10, Tiger
Posts: 110

Rep: Reputation: 15
You could always use public key authentication. If you used that you could make it so someone connecting would have to have your username, private key, and the key phrase for the private key. Also make sure that only you (not other users/system users) can telnet in. I've had security issues in the past where people got in through system accounts (specifically postgres) that presumably had a default password. (I know, I know, that was really bad on my part. But in my defense, I totally forgot that I had port 22 forwarded through NAT.)
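
Added example, not part of any post in this thread: one way to act on the "always check the logs" advice and to spot the kind of system-account password login described above. It assumes the OpenSSH syslog message format; the log lines, host name and addresses are constructed, and on a real system the input would be the SSH authentication log (for instance /var/log/auth.log on Debian).

```shell
#!/bin/sh
# Added example (not from the thread): summarise sshd password activity.

# ssh_events FILE PHRASE -> "count user source" for sshd lines containing PHRASE
ssh_events() {
    awk -v phrase="$2" '
        /sshd\[[0-9]+\]: / && index($0, phrase) {
            user = src = "?"
            # Use the LAST "from": the user name before it is remote-supplied text.
            for (i = 2; i < NF; i++)
                if ($i == "from") { user = $(i - 1); src = $(i + 1) }
            seen[user " " src]++
        }
        END { for (k in seen) print seen[k], k }
    ' "$1" | sort -rn
}

failed_logins()   { ssh_events "$1" "Failed password for"; }
password_logins() { ssh_events "$1" "Accepted password for"; }

# Constructed sample log lines (documentation addresses, hypothetical host "home").
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
Feb 19 02:10:01 home sshd[4101]: Failed password for invalid user admin from 203.0.113.9 port 40110 ssh2
Feb 19 02:10:03 home sshd[4103]: Failed password for postgres from 203.0.113.9 port 40112 ssh2
Feb 19 02:10:05 home sshd[4105]: Failed password for postgres from 203.0.113.9 port 40114 ssh2
Feb 19 02:10:07 home sshd[4107]: Accepted password for postgres from 203.0.113.9 port 40116 ssh2
Feb 19 08:30:12 home sshd[4550]: Accepted publickey for carlos from 198.51.100.20 port 51234 ssh2
EOF

echo "Failed password attempts (count user source):"
failed_logins "$LOG"
echo "Logins that succeeded with a password rather than a key:"
password_logins "$LOG"
```

A system account such as postgres appearing in the second list, especially right after failures from the same source, is the pattern to investigate first.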
 
Old 02-22-2006, 09:08 AM   #6
mikebudohiee
LQ Newbie
 
Registered: Feb 2006
Location: Florida
Distribution: SuSE, Debian, PCLINUX2007
Posts: 13

Rep: Reputation: 0
Let me start off by saying...SSH is a safe way of connecting. Make sure that you keep up with any security patches. On your server to lock it down better, I would suggest running an IP table firewall if you are not doing it already. Change the SSH port to something other than 22 and not another common port, for example 51000. On your firewall, only allow the ports you need inbound. As a word of advice, be careful at work and how much time you spend connecting to home. At work, I happen to be in the security department and one of our roles, not only monitoring inbound connections, is also monitoring all outbound connections (watching employees). I would be less concerned about your work hacking your PC and seeing your files than I would be with how much time their reports show you connecting to your home server.
 
Old 02-22-2006, 02:12 PM   #7
int0x80
Member
 
Registered: Sep 2002
Posts: 310

Rep: Reputation: Disabled
Using public key authentication is the way to go, as mentioned earlier by imemyself.

The additional suggestion by mikebudohiee of moving the daemon to listen on a different port is also valuable as well. However, I don't recommend going above 1023. Keep it in the range of privileged ports (0-1023).

If you think of a port (for example, 1022) and want to see if it's already used by a service, you can run the commands:
Code:
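# Is the port assigned to a known service? (-w avoids matching e.g. 11022)
grep -w 1022 /etc/services
# Is anything already listening on it? (run as root to see the process name)
netstat -tlnp | grep -w 1022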
 
Old 02-23-2006, 08:35 AM   #8
mikebudohiee
LQ Newbie
 
Registered: Feb 2006
Location: Florida
Distribution: SuSE, Debian, PCLINUX2007
Posts: 13

Rep: Reputation: 0
Since your server is accessible via the Internet…configuring public key authentication as mentioned by “imemyself” would definitely make it even more secure. Also, if not done already, verify that root login is turned off for SSH: “under sshd_config; PermitRootLogin no”. Chances are you have already done this, but sometimes we forget. The reason I mentioned a TCP high port was that if someone runs a standard port scan, or xmas tree scan, chances are they will not find it. It forces them to scan all 65535 ports. Then again I am not running public key auth so a banner grab is easy. I am getting off on a tangent. To answer your original question…Yes, SSH is a secure way of connecting.
 
Old 02-23-2006, 09:00 AM   #9
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
In general, services started by root are set on privileged ports. There are 1023 privileged ports and 64512 unprivileged ones. Maybe you could use an unprivileged one, not in this list:
http://www.glocksoft.com/trojan_port.htm

Anyway, nmap -sV will discover ssh even if it is on an uncommon port, but at least it removes some noise.
 
Old 02-23-2006, 11:27 AM   #10
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 11,097
Blog Entries: 4

Rep: Reputation: 4089
Generally, although SSH encrypts all communications (which is good), in its default configuration it still has limitations ... all of which are avoidable:
  • It allows login as root.
  • It accepts "username/password" authentication, giving any challenger the opportunity to present user/pass combinations to your system. (If you're not paying attention to your user-id list... etc.)
If you use public-key authentication, a great big door is slammed shut: only visitors who can "show their badge" are permitted to even approach the door.

If you have a VPN-equipped router (or can get one), the situation is even stronger.

In the real world, you don't get into someone's office building just by saying magic words. You show a badge .. some token that is difficult to forge and that clearly is identified as belonging to you and you alone. If the company wants to exclude you, they don't have to teach all the other employees new magic words. You can't "tell your badge to" someone else. And so on. It makes sense. It's just (erroneously) perceived as being "difficult" and so it is not commonly done.
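
Added example, not part of any post in this thread: a small check of an sshd_config file against the settings recommended above (no root login, key-based instead of password authentication, logins limited to named users). The sample configuration and the function names are constructed for illustration; the directive names are standard OpenSSH keywords.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd_config for the thread's advice.
# sshd matches keywords case-insensitively and keeps the FIRST value it reads.

# effective_value FILE KEYWORD -> first global value (lowercased), or "unset"
effective_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }   # comments and blank lines
        tolower($1) == "match"      { exit }   # what follows is conditional
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd FILE -> one WARN line per setting that differs from the advice
audit_sshd() {
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    pubkey=$(effective_value "$1" PubkeyAuthentication)
    allow=$(effective_value "$1" AllowUsers)
    [ "$root" = no ]      || echo "WARN PermitRootLogin=$root (want: no)"
    [ "$pass" = no ]      || echo "WARN PasswordAuthentication=$pass (want: no)"
    [ "$pubkey" != no ]   || echo "WARN PubkeyAuthentication=no (keys disabled)"
    [ "$allow" != unset ] || echo "WARN AllowUsers unset (logins not limited to named users)"
    return 0
}

# Constructed sample: the second PermitRootLogin line is ignored by sshd, and
# the setting inside the Match block applies only to that one user.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample configuration
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
EOF

audit_sshd "$SAMPLE"
```

A value reported as "unset" means the setting falls back to the compiled-in default of the installed OpenSSH version; on a live host, `sshd -T` (run as root) prints the effective configuration including those defaults.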
 
  

