Security Basics mailing list archives
Re: Securing SSH
From: "Jude Naidoo" <jude007 () jnaidoo fsnet co uk>
Date: Sat, 10 Jan 2004 12:37:42 -0000
Hi Roland,

SSH is quite secure in terms of disallowing eavesdropping. Depending on your version of SSH, you should have a file called 'allowed.hosts' or 'hosts.allowed', or something similar, that contains the IP addresses of hosts that SSH will allow to access the server on port 22.

What you also want to do is disallow root access. Rather create users and allow them to su to root. It makes it more difficult to guess user names and passwords if an allowed host is compromised or a malicious user uses an IP address allowed to connect to your servers. If root access is allowed, half the job is done. Now all he has to do is guess passwords.

If engineers are dialling in from home, have them go through a locked-down staging server.

Just my 2 cents' worth.

Jude

----- Original Message -----
From: "Roland Venter" <rolandv () xtra co nz>
To: <security-basics () securityfocus com>
Sent: Friday, January 09, 2004 11:53 PM
Subject: Securing SSH

I need to manage several servers remotely via SSH. I'm interested in ways to secure the connection and prevent unauthorised access.

My thoughts:

Limit access to only allow remote connections from our management network via iptables rules. Works, but what if our ISP changes our fixed IP, which means we are effectively locked out from all the servers and requires a site visit to update the rules.

We also need to provide access to engineers working from home using dialup, etc.

Some sort of client certificates to supplement username and password.

Recommendations on securing the SSH daemon, etc.

Any ideas and tips or random thoughts appreciated.

Cheers,
Roland
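The two settings the reply recommends, no direct root login and a host allow-list for sshd, can be checked mechanically. The following is an added example, not part of the original thread: it assumes OpenSSH's sshd_config syntax and a TCP-wrappers-style hosts.allow file with IPv4-style entries (honoured only by sshd builds linked against libwrap), and the sample file contents and function names are constructed for illustration.

```python
import re

# Constructed sample files for illustration; not taken from the thread.
SAMPLE_SSHD_CONFIG = """\
PermitRootLogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""
SAMPLE_HOSTS_ALLOW = """\
sshd : 192.0.2.10, 198.51.100.
ALL : 127.0.0.1
"""

def root_login_settings(config_text):
    """Return (global value, [(Match criteria, value), ...]) for PermitRootLogin."""
    global_value, overrides, match = None, [], None
    for line in map(str.strip, config_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = value  # every later line belongs to this Match block
        elif key == "permitrootlogin" and match is not None:
            overrides.append((match, value.lower()))
        elif key == "permitrootlogin" and global_value is None:
            global_value = value.lower()  # sshd keeps the first value it reads
    return global_value, overrides

def sshd_clients(hosts_allow_text):
    """Return the client patterns that hosts.allow grants to sshd (or to ALL daemons)."""
    clients = []
    for raw in hosts_allow_text.splitlines():
        daemons, sep, rest = raw.strip().partition(":")
        names = set(re.split(r"[\s,]+", daemons.strip()))
        if sep and not daemons.startswith("#") and names & {"sshd", "ALL"}:
            clients += re.split(r"[\s,]+", rest.split(":", 1)[0].strip())
    return clients

def audit(config_text, hosts_allow_text):
    """Return findings as strings; an empty list means both checks passed."""
    value, overrides = root_login_settings(config_text)
    findings = [f"Match {m}: PermitRootLogin {v}" for m, v in overrides if v != "no"]
    if value != "no":
        findings.insert(0, f"global PermitRootLogin is {value or 'unset (build default applies)'}")
    if "ALL" in sshd_clients(hosts_allow_text):
        findings.append("hosts.allow opens sshd to ALL clients")
    return findings
```

On the constructed sample, `audit(SAMPLE_SSHD_CONFIG, SAMPLE_HOSTS_ALLOW)` reports the global `yes` (the later `no` is ignored because the first value wins) and the `Match` block that re-enables root login.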