
Wednesday, August 4, 2010

Tips for secure SSH connection to remote servers

Some tips for securing SSH connections to remote servers.


Also, please go through my previous posts for a detailed how-to.


  • Use only SSH V2 -- V1 is vulnerable to compromise. On Linux, this is usually done by default and managed in your /etc/ssh/sshd_config file by the Protocol option.
  • Don't allow root or Administrators to log in directly. Only normal users should be allowed to log in; if required, they can then escalate their privileges using su or sudo. On Linux this is controlled, again in the sshd_config file, by the PermitRootLogin option.
  • Ensure you use suitable authentication, for example passwords or keys.
  • Try to avoid using port 22 for your SSH connections. Attackers commonly use automated brute-force tools to scan port 22 and try to brute-force usernames and passwords. Changing the port to something else, for example 2222, is a quick and simple way of reducing this risk.
  • Alternatively, if you must use port 22, you can use tools like BlockSSHD or Fail2Ban to block excessive or inappropriate login attempts.
  • Ensure you have configured suitable logging of your SSH daemon and that you review your logs for illicit login attempts. Tools like Swatch and SEC can assist with this.
  • Only bind SSH to the addresses required. If you have multiple interfaces in your host, for example an interface on your internal network and another on an external network such as the Internet, then only bind the daemon to the interface through which you need to connect. This is controlled on Linux using the ListenAddress option.
These are some general tips, and how to implement them depends on the platform you are using. Anyway, I hope this helps.
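The sshd_config settings named in the list above (Protocol, PermitRootLogin, ListenAddress and the listening port) can be checked with a small script; this is an added example, not code from the original post. The two config samples, the finding names and the function names are constructed for illustration, and the parser assumes a single config file with no Include lines.

```python
import re
# Constructed samples for illustration; neither comes from a real host.
WEAK = """\
Port 22
Protocol 2,1
PermitRootLogin yes
#ListenAddress 192.0.2.10
Match User backup
    PermitRootLogin no
"""
HARDENED = """\
Port 2222
Protocol 2
PermitRootLogin no
ListenAddress 192.0.2.10
"""

def parse_global(text):
    """Return {keyword: [args, ...]} for directives before the first Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key = m.group(1).lower()
        if key == "match":
            break  # conditional overrides are outside this check
        settings.setdefault(key, []).append(m.group(2).strip())
    return settings

def audit(text):
    """Return finding codes for the four settings; sshd keeps the first value of single-valued options."""
    s = parse_global(text)
    findings = []
    if "1" in [p.strip() for p in s.get("protocol", [""])[0].split(",")]:
        findings.append("protocol-1-enabled")
    if s.get("permitrootlogin", [""])[0].lower() != "no":
        findings.append("root-login-not-disabled")
    # Port and ListenAddress may repeat; with no Port line sshd uses 22.
    if "22" in s.get("port", ["22"]):
        findings.append("port-22-in-use")
    addrs = s.get("listenaddress", [])
    if not addrs or any(a.startswith(("0.0.0.0", "[::]")) or a == "::" for a in addrs):
        findings.append("listens-on-all-addresses")
    return findings
```

Calling audit(WEAK) returns all four findings and audit(HARDENED) returns an empty list. A port-22-in-use finding is acceptable when Fail2Ban or BlockSSHD is in place, as the list above notes.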

Tuesday, March 2, 2010

SSH login to remote servers without password.

Hello guys, this time I give you a how-to for logging into a remote server/desktop without being prompted for a password.

SSH, or Secure Shell, is a program that allows you to log into a remote machine over a network and execute commands. It also allows you to move files from one computer to another. All communication, including password transmission, is highly encrypted. Hence it can be used to create secure communication over insecure channels. It protects a network from attacks like DNS spoofing, IP spoofing and IP source routing. That's the reason why SSH has effectively replaced older remote login protocols like rlogin, rsh, rcp, telnet, etc.

When you log in over SSH, the entire communication, including password transmission, is encrypted. SSH uses 3DES, Blowfish, AES and arcfour as encryption algorithms. So it is virtually impossible for a hacker to eavesdrop on your password. Here I will describe how to create a secure communication channel between two servers and enable password-less login between them. This is quite useful when using scripts to log into remote machines and execute commands. You don't have to store the remote machine's password in the script, and it is also quite annoying to type in the password every time you log in to the remote machine via SSH.