Security Basics mailing list archives

RE: Securing SSH

From: "Vinicius Moreira Mello" <vinicius () lineone net>
Date: Sat, 10 Jan 2004 15:33:03 -0200

Roland,

There are various considerations in doing ssh security. The ssh(1) man page
is extremely useful in answering many of your questions and presenting many
options to do so. You can also think about using tcp-wrappers.

vmm.

(I don't like answers things like "read  the man page", but in this case
no discussion would be so useful as reading the ssh(1) man page)

-- Original Message --
Reply-To: <rolandv () xtra co nz>
From: "Roland Venter" <rolandv () xtra co nz>
To: <security-basics () securityfocus com>
Subject: Securing SSH
Date: Sat, 10 Jan 2004 12:53:31 +1300


I need to manage several servers remotely via SSH, I'm interested in ways

to
secure the connection and prevent unauthorised access.

My thoughts:
Limit access to only allow remote connections from our management network
via iptables rules. Works b

t what if our ISP changes our fixed IP, which

means we are effectively locked out from all the servers and requires a
site
visit to update the rules.

We also need to provide access to engineers working from home using dialup,
etc

Some sort of

lient certificates to supplement username and password,


Recommendations on securing the SSH daemon etc

Any ideas and tips or random thoughts appreciated

Cheers,
Roland






-------------------------------------------------------------

-------------

Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any

course! All of our class sizes are guaranteed to be 10 students or less.

We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,

and man

other technical hands on courses.

Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off

any course!
----------------------------------------------------------------------------





---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------

Current thread:

Securing SSH Roland Venter (Jan 09)
- Re: Securing SSH security (Jan 12)
- Re: Securing SSH Jude Naidoo (Jan 12)
- RE: Securing SSH Vinicius Moreira Mello (Jan 12)
- Re: Securing SSH Kevin Saenz (Jan 12)
- RE: Securing SSH Ethan King (Jan 12)
- Re: Securing SSH Brian C. Lane (Jan 12)
- Re: Securing SSH Miles Stevenson (Jan 12)
- Re: Securing SSH Joerg Over Dexia (Jan 12)
  - Re: Securing SSH Kaushik Mukherjee (Jan 13)
- Re: Securing SSH Luca Falavigna (Jan 13)
- <Possible follow-ups>
- RE: Securing SSH Shawn Jackson (Jan 14)