-   Linux - Security (
-   -   ssh risk (

hoover93 10-21-2005 09:19 AM

ssh risk
is ssh reasonably secure for remote administration? i need a way to perform maintenance on a server at a branch office without always having to travel on-site for ordinary chores like adding a new user account.

if i were to open the port in our hardware firewall to allow ssh connection to a specific host would i be inviting the world to hack my file server?

i'm not a security guru, but from what i've read, ssh seems to be a preferred method for remote connections. ssh does not allow login as root, correct? the traffic is encrypted, correct?

the beauty of linux is that i could perform nearly any admin tasks from with command prompt and a text editor. but, i'd like to know that allowing ssh is at least "reasonably" secure.

i don't want to be lax about security, but i don't want to be overly paranoid either.

thanks for the advice.

stickman 10-21-2005 09:28 AM

SSH is secure enough for remote access. It does encrypt traffic and can be configure to exclude direct root access. You can minimize the risk of opening a hole in your firewall by restricting access to just the endpoints, ie the server that you will admin and the client that you will connect from.

hoover93 10-21-2005 09:52 AM

the client that i'll connect from will change periodically as our isp uses dhcp. can i restrict ssh logins to one account?

Hangdog42 10-21-2005 11:06 AM

Yes. You can add an AllowUsers directive to your sshd_config file and then only the users listed can get access. You can also further lock it down by not allowing usernames or passwords, but use public key authentication instead.

Vgui 10-21-2005 05:59 PM

Another point I have seen brought up before is that if you move ssh from port 22, the automated and canned script kiddie attacks will be cut down by quite a bit.

sundialsvcs 10-21-2005 07:18 PM

What I would most strongly recommend is what I have recommended in the past... use digital certificates with SSH. Don't rely upon username/password authentication.

Only users who can present a valid certificate will be allowed to go further. It will not matter if they know a password or can guess it; their passport is rejected at the outer gate. This will truly stop the "script kiddies" who, otherwise, will come to call and will begin to hammer against your username/password file around the clock with the persistence that only a computer can create.

VPN (virtual private networking) is very handy as well. It wraps everything in an encryption packet, and once again it is best used with digital certificates. (i.e. Don't use Pre-Shared Keys.)

The overwhelming advantage of digital certificates, aside from the fact that they cannot be forged, is that they are individually issued and can be individually revoked. If a computer is lost or stolen, its access can be selectively revoked.

Without certificates, unfortunately, "SSH is simply another shell." It gives anyone-in-the-universe the opportunity to try a username-plus-password against your system. Sure, it encrypts the traffic, but it allows anyone to try to log in. But with certificates, only the bearers of an un-forgeable (and unrevoked) credential will ever be given the opportunity to utter magic words.

Vgui 10-21-2005 08:08 PM

That all sounds very enticing, and I wouldn't mind trying it out myself. Got a good HOWTO on the subject?

sundialsvcs 10-21-2005 08:45 PM

A good source of howtos is here. Look at "local copies" such as this one. (However, I would encourage you to peruse the whole site.)

I really want to emphasize... this stuff is not hard to do. And it makes your SSH connection "really secure" for the first time. Script kiddies might be able to detect that you have an open SSH port into your system, but they can't begin to touch it.

Vgui 10-21-2005 09:03 PM

Great, I'll be reading those over and hopefully being able to sleep at night now with port 22 open.
Thanks a lot for the help / ideas, good stuff to know!

All times are GMT -5. The time now is 02:20 AM.