Security Basics mailing list archives
Re: Securing SSH
From: "Brian C. Lane" <bcl () brianlane com>
Date: Sun, 11 Jan 2004 14:00:08 -0800
On Fri, 2004-01-09 at 15:53, Roland Venter wrote:
> I need to manage several servers remotely via SSH, I'm interested in ways to secure the connection and prevent unauthorised access.
>
> My thoughts:
>
> Limit access to only allow remote connections from our management network via iptables rules. Works but what if our ISP changes our fixed IP, which means we are effectively locked out from all the servers and requires a site visit to update the rules.
>
> We also need to provide access to engineers working from home using dialup, etc.
>
> Some sort of client certificates to supplement username and password.
>
> Recommendations on securing the SSH daemon, etc.
>
> Any ideas and tips or random thoughts appreciated
I'm not sure what you mean by securing the SSH daemon. SSH is pretty secure, other than the few problems discovered over the last year (mostly OpenSSL problems actually).

Limiting incoming connections to specific IPs is a good way to limit access, your ISP shouldn't be changing your fixed IP without telling you, and you could always include an IP of a known fixed host that is somewhere else.

Other than that there really isn't much to secure. You could use RSA keys for authentication instead of passwords, but it really doesn't matter that much -- everything is encrypted anyway.

Brian

---[Office 70.5F]--[Fridge 38.9F]---[Fozzy 89.4F]--[Coaster 51.9F]---
Linux Software Developer http://www.brianlane.com
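
The source restriction discussed in this message (the management network plus a known fixed host elsewhere as a fallback), as an added example that is not part of the original message: a shell script that validates an allowlist and prints the matching iptables rules without applying them. The addresses are constructed placeholders and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables rules that limit SSH to an allowlist.
# Addresses are constructed placeholders (RFC 5737 documentation ranges).
set -f  # no filename globbing when unquoted lists are split

# Management network plus one known fixed host somewhere else (assumed values).
SSH_ALLOW="192.0.2.0/24 198.51.100.17"

# Succeed only if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    addr=${1%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for the space-separated allowlist in $1; nothing is applied.
# Every entry is validated first, so a bad entry aborts before any rule is printed.
ssh_rules() {
    for src in $1; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in $1; do
        echo "-A INPUT -p tcp -s $src --dport 22 -j ACCEPT"
    done
    echo "-A INPUT -p tcp --dport 22 -j DROP"
}

ssh_rules "$SSH_ALLOW"
```

Review the printed rules before loading them, and keep the existing session open while testing a new connection from each allowed source.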