SSH server security
From UA Wiki
Are you planning to set up your UA computer to accept SSH connections from the outside? Then this might be interesting for you.
If an SSH daemon is running on your machine, you can conveniently connect from anywhere in the world, and after a successful password login you are on a command line of your computer at the UA and can do whatever you want.
There are, however, some security questions to be considered. It is apparently not possible for the UA to install firewalls to keep malicious people from trying to log on to your machine.
The following is an excerpt of my log files five hours after I set up the SSH daemon and opened port 22:
[...]
Aug 11 20:37:29 N5 sshd[29532]: input_userauth_request: invalid user samba
Aug 11 20:37:38 N5 sshd[30188]: Invalid user server from 125.69.132.101
Aug 11 20:37:38 N5 sshd[30292]: input_userauth_request: invalid user server
Aug 11 20:37:43 N5 sshd[31274]: Invalid user share from 125.69.132.101
Aug 11 20:37:43 N5 sshd[31291]: input_userauth_request: invalid user share
Aug 11 20:37:49 N5 sshd[31489]: Invalid user shell from 125.69.132.101
Aug 11 20:37:49 N5 sshd[31510]: input_userauth_request: invalid user shell
Aug 11 20:37:55 N5 sshd[31627]: Invalid user sim from 125.69.132.101
Aug 11 20:37:55 N5 sshd[31638]: input_userauth_request: invalid user sim
Aug 11 20:37:58 N5 sshd[31696]: Invalid user sim from 125.69.132.101
Aug 11 20:38:01 N5 sshd[31798]: Invalid user simulator from 125.69.132.101
Aug 11 20:38:01 N5 sshd[31801]: input_userauth_request: invalid user simulator
[...]
As we can see, this is about one login attempt every 3 seconds, clearly a brute-force dictionary attack. If you have username/password combinations such as "user"/"abc" or "admin"/"admin" on your computer, and they can be used to log in through SSH, you can assume that your machine has already been hacked.
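To see how quickly such an attack stands out in the logs, here is a small added example (not part of the UA wiki page) that tallies sshd "Invalid user" lines per source address and flags addresses above a threshold. The log lines are constructed for this example in the same format as the excerpt above; the addresses are made-up documentation addresses, not real attackers.

```shell
#!/bin/sh
# Added example: count sshd "Invalid user ... from <ip>" lines per source
# address and flag sources that exceed a threshold. Not code from the UA wiki.

# Constructed sample log (same format as the excerpt on the page; the
# addresses are documentation ranges and were made up for this example).
SAMPLE_LOG='Aug 11 20:37:38 N5 sshd[30188]: Invalid user server from 192.0.2.10
Aug 11 20:37:38 N5 sshd[30292]: input_userauth_request: invalid user server
Aug 11 20:37:43 N5 sshd[31274]: Invalid user share from 192.0.2.10
Aug 11 20:37:49 N5 sshd[31489]: Invalid user shell from 192.0.2.10
Aug 11 20:37:55 N5 sshd[31627]: Invalid user sim from 192.0.2.10
Aug 11 20:38:01 N5 sshd[31798]: Invalid user simulator from 192.0.2.10
Aug 11 20:38:05 N5 sshd[31900]: Invalid user bob from 198.51.100.7
Aug 11 20:38:09 N5 sshd[31950]: Accepted publickey for alice from 203.0.113.5 port 50122 ssh2'

# count_invalid_users: reads sshd log text on stdin and prints
# "<count> <ip>" for every source address, highest count first.
# Only the "Invalid user X from IP" lines carry the address; the
# lowercase "input_userauth_request: invalid user" lines are skipped.
# The address is taken as the word after "from", so the newer
# "... from IP port N" format is handled too.
count_invalid_users() {
    awk '/sshd\[[0-9]+\]: Invalid user / {
             for (i = 1; i < NF; i++)
                 if ($i == "from") { n[$(i + 1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# flag_sources THRESHOLD: prints the addresses whose count is >= THRESHOLD.
flag_sources() {
    count_invalid_users | awk -v t="$1" '$1 >= t { print $2 }'
}

# Demo run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | count_invalid_users
printf '%s\n' "$SAMPLE_LOG" | flag_sources 3
```

On a real system you would feed it the authentication log instead of the sample, e.g. `count_invalid_users < /var/log/auth.log` (the file name depends on the distribution; systemd-based hosts use `journalctl -u sshd`). Tools such as DenyHosts and Fail2ban automate exactly this kind of counting and then block the offending addresses.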
If you didn't set one up yourself, there is no firewall protecting your SSH connection!
It is hence essential to take some steps to increase security yourself.
Possible ways to do so include, but are not limited to:
- Disallow root login through SSH.
- Move to passwordless (key-based) login.
- Blacklist hosts which are known to be breeding grounds for hackers and script kiddies. DenyHosts has proven to be very useful in this context.
- Other programs: Fail2ban.
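The first two steps above are settings in sshd_config. The following added example (not from the UA wiki or from OpenSSH) checks a config file for them: it compares a constructed weak configuration with a constructed hardened one. Like sshd itself, it uses the first value given for a keyword and ignores later duplicates; the checked keywords and expected values are this example's own choice.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the hardening steps listed above
# (no root login, no password authentication, public keys enabled).
# Not code from the UA wiki or from OpenSSH.

# Two constructed configs, written to temporary files for the demo.
WEAK_CFG=$(mktemp)
HARD_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARD_CFG"' EXIT

cat > "$WEAK_CFG" <<'EOF'
# constructed example of a risky configuration
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF

cat > "$HARD_CFG" <<'EOF'
# constructed example of the hardened equivalent
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
# sshd takes the FIRST value for a keyword, so this later line is ignored
PasswordAuthentication yes
EOF

# effective_value FILE KEYWORD: prints the first non-comment value set for
# KEYWORD (keywords are case-insensitive in sshd_config), or nothing.
effective_value() {
    awk -v key="$2" '
        $1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE: prints one finding per line and returns 1 when
# any check fails; prints OK and returns 0 otherwise.
audit_sshd_config() {
    cfg="$1"
    findings=0
    for pair in "PermitRootLogin:no" "PasswordAuthentication:no" "PubkeyAuthentication:yes"; do
        key=${pair%%:*}
        want=${pair##*:}
        got=$(effective_value "$cfg" "$key")
        if [ -z "$got" ]; then
            echo "WARN: $key not set explicitly, the sshd default applies (check with: sshd -T)"
            findings=$((findings + 1))
        elif [ "$got" != "$want" ]; then
            echo "FAIL: $key is '$got', expected '$want'"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ] && echo "OK: $cfg"
    return $((findings > 0))
}

# Demo: the weak config fails, the hardened one passes.
audit_sshd_config "$WEAK_CFG" || echo "weak config: $? finding(s) reported"
audit_sshd_config "$HARD_CFG"
```

The script only reads plain `Keyword value` lines; it does not evaluate `Match` blocks or `Include` directives, so treat `sshd -T` (which prints the configuration sshd actually applies) as the ground truth on a real machine. Before setting `PasswordAuthentication no`, make sure your own public key is already in `~/.ssh/authorized_keys` and test the key login in a second session, otherwise you lock yourself out.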
As usual, there are helpful guides galore on the internet (see below).