

Tutorial: Securing SSH [Very Basic Security]
Securing SSH [Very Basic Security] #1
(Apologies to @Oni for using him as an example)

In honor of 2 Years of Sinisterly, I'm creating a tutorial thread on securing one of the most commonly used services on your server: SSH. SSH (Secure SHell) is a protocol used mainly for remote login to linux-type servers. If you have a linux-type OS running on a server, it almost always will have SSH installed. Because SSH is so common, and because it is used for remote logins, it is very important to secure.

Most SSH attacks are carried out by bots, scanning IP address space for SSH servers. Once found, they attempt simple brute force attacks using commonly used usernames and passwords. Articles about these attacks can be found here and here. This tutorial will explain how to
  • disable root login
  • move SSH to a non-standard port

Ok let's get started. For this tutorial, I'm running everything on a Digital Ocean VPS running Ubuntu 14.04. Commands for most other linux distributions should be similar, if not the same. If these commands don't work on your box, let me know in the comments.

First, you'll need to create the account you want to use
adduser Oni   # Add the user you wish to add
# Fill in the rest of the info. The only thing that really matters is the password

Oh, and I hope I don't have to mention that this password should be VERY complex?

[Image: 0KLtzfJ.png]

Then, you'll need to edit the /etc/ssh/sshd_config file

[Image: ga2qhhW.png]

Then restart the ssh server with
/etc/init.d/ssh restart
This will log you out of the server. You can then log back in with your other account, and use the su command to attain root privileges. Now you (or an attacker) cannot access the server using the "root" account. Also, be sure to use an account name that is a bit harder to guess, and not "admin" or something like that.

Now to move the port. Moving the port not only protects you from automated attacks, but also from targeted attacks, as the attacker cannot find the ssh port. I would suggest moving to a port higher than 1024, as most port scanners scan up to that port.

Again, this is a simple change: edit the "/etc/ssh/sshd_config" file, and change the port number. Then restart ssh with "/etc/init.d/ssh restart". And that's it. Be sure to remember what port you moved it to.

[Image: NxgRaP4.png]

And that's it. By doing these two simple fixes, you've protected yourself from 99% of SSH attacks. If you want to go farther, you can look into using ssh keys instead of passwords.

{Edit: I've expanded this guide to include using ssh keys}

SSH keys are a much better way to authenticate than passwords (I'm not going to go into pros and cons here). Suffice it to say that keys make it "impossible" to brute force a login. That being said, you'll still need to keep your keys secure.

Start by generating an ssh key with
ssh-keygen -t dsa

[Image: 6tpRx7w.png]

Then copy the contents of the public key to the ssh allowed keys directory

cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

You can then test to make sure that the key works by connecting to localhost:

ssh localhost -i .ssh/id_dsa
(If you've moved the SSH port, you'll need to specify the port with -p)

Now that nearly everything is set up server-side, you'll need to be able to connect to the server with the new settings. You'll need to copy the id_dsa file to your computer. For this purpose I used sftp, but you can use any other method.

Now you need to convert the key to a form that putty can use. Download puttygen. Then import the key, then save as a private key.

[Image: jHPH1GT.png]

Then set Putty to use the key in the "auth" tab.

If the login works, you can go ahead and set up the sshd to only use keys. Edit /etc/ssh/sshd_config and make sure the following lines match:
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no

Then restart the ssh daemon with
/etc/init.d/ssh restart
Pay respects to the malformed SYN packet.
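
An added example (not part of the original post or thread): a small shell audit that checks an sshd_config for the settings the tutorial above changes, run here on two constructed sample configs. The function names, the sample files, port 2222 and the built-in defaults in the DEFAULT column are illustrative assumptions.

```shell
# Added example. sshd keeps the FIRST value it reads for a keyword (case-insensitive).

# effective_value FILE KEYWORD DEFAULT: first global value, or DEFAULT if unset.
# Assumes "Keyword value" syntax (not "Keyword=value") and stops at the first
# Match block, since settings there apply only conditionally.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# finding FILE KEYWORD DEFAULT WANTED: print a FAIL line if the value differs.
finding() {
    got=$(effective_value "$1" "$2" "$3")
    [ "$got" = "$4" ] || echo "FAIL $2 is '$got', want '$4'"
}

# audit_sshd FILE: one FAIL line per finding; no output means every check passed.
# The DEFAULT column is an assumption about older OpenSSH built-in defaults.
audit_sshd() {
    finding "$1" PermitRootLogin yes no
    finding "$1" PubkeyAuthentication yes yes
    finding "$1" PasswordAuthentication yes no
    finding "$1" ChallengeResponseAuthentication yes no
    [ "$(effective_value "$1" Port 22)" != 22 ] || echo "FAIL Port is still 22"
}

# Constructed sample configs (not taken from the post's screenshots).
WEAK=$(mktemp); HARD=$(mktemp)
cat > "$WEAK" <<'EOF'
Port 22
PermitRootLogin yes
#PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication no
EOF
cat > "$HARD" <<'EOF'
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
EOF
for f in "$WEAK" "$HARD"; do echo "== $f"; audit_sshd "$f"; done
```

On a live host, `sshd -t` validates the config file before you restart the daemon, and `sshd -T` prints the effective configuration for comparison.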


RE: Securing SSH #2
Very basic information, although everyone should do this.
[Image: 7ajmN5P.jpg]

Discord: Oni#3781
Skype: oni_sl
XMPP: oniaraara@xmpp.jp
Telegram: oni_sl (Add)
Steam: Oni (Add)


RE: Securing SSH #3
Looks like a pretty good tutorial to cover the basics. Good luck with the contest?


RE: Securing SSH [Very Basic Security] #4
(07-28-2014, 01:06 PM)The_Joker Wrote: And that's it. By doing these two simple fixes, you've protected yourself from 99% of SSH attacks. If you want to go farther, you can look into using ssh keys instead of passwords.

Which you do by...?
More information is always better.


RE: Securing SSH [Very Basic Security] #5
You should look up Fail2ban too.


RE: Securing SSH [Very Basic Security] #6
Though good information, the better way to secure SSH would be to move to SSH keys for logins IMO.


RE: Securing SSH [Very Basic Security] #7
(07-28-2014, 01:06 PM)The_Joker Wrote: [Image: 6tpRx7w.png]

Still in the 90s, I see.

