Security Basics mailing list archives

RE: Securing SSH

From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Tue, 13 Jan 2004 17:15:08 -0800


        Everyone suggestions are pretty good. This topic has been
covered, 'recently' so please check the archives. The thread was "ssh
login protection" and took place around 12/2/2003. 

        I personally use a secure server; from an ISP I used to work for
as my point of access. Then only allow SSH Protocol 2 from that server.
So they would have to hack that server then mine, which isn't too
likely. Also you could setup a VPN, then VPN into the network and admin
from there.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
 
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

-----Original Message-----
From: Roland Venter [mailto:rolandv () xtra co nz] 
Sent: Friday, January 09, 2004 3:54 PM
To: security-basics () securityfocus com
Subject: Securing SSH

I need to manage several servers remotely via SSH, I'm interested in
ways to
secure the connection and prevent unauthorised access.

My thoughts:
Limit access to only allow remote connections from our management
network
via iptables rules. Works but what if our ISP changes our fixed IP,
which
means we are effectively locked out from all the servers and requires a
site
visit to update the rules.

We also need to provide access to engineers working from home using
dialup,
etc

Some sort of client certificates to supplement username and password,

Recommendations on securing the SSH daemon etc

Any ideas and tips or random thoughts appreciated

Cheers,
Roland






------------------------------------------------------------------------
---
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off
any 
course! All of our class sizes are guaranteed to be 10 students or less.

We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720
off 
any course!  
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------

Current thread:

Re: Securing SSH, (continued)
- Re: Securing SSH security (Jan 12)
- Re: Securing SSH Jude Naidoo (Jan 12)
- RE: Securing SSH Vinicius Moreira Mello (Jan 12)
- Re: Securing SSH Kevin Saenz (Jan 12)
- RE: Securing SSH Ethan King (Jan 12)
- Re: Securing SSH Brian C. Lane (Jan 12)
- Re: Securing SSH Miles Stevenson (Jan 12)
- Re: Securing SSH Joerg Over Dexia (Jan 12)
  - Re: Securing SSH Kaushik Mukherjee (Jan 13)
- Re: Securing SSH Luca Falavigna (Jan 13)
- RE: Securing SSH Shawn Jackson (Jan 14)