TulipTools Internet Business Owners and Online Sellers Community

Full Version: How to improve the security of your OpenSSH server installations
Quote:Here is a quick way to drastically improve the security of your OpenSSH server installations...

From personal experience with clients over the years, I have found that most administrators tend to install an SSH server and leave it at its default settings, typically to allow password authentication and root logins. Many don't even know that there is an alternative (key-based authentication), or they think the alternative is too hard to use. It is not - it takes all of five minutes to configure key-based authentication and disable root logins, and the security gains are enormous. Below, I'll step you through the process. I add comments where a step may not be needed.

Configuring and Testing Key-Based Authentication
This is not really as hard as it seems....

full article: http://geekpit.blogspot.com/2006/04/five...e-ssh.html
A related article discusses ways to avoid creating exploitable holes in your system when you implement SSH:

Quote:SSH as Salvation?

Some years ago I started doing research on SSH, the wonder tool of the security set. I read one article about a clever SSH setup. The administrator’s DMZ hosts could contact the intranet patching server, something normally verboten. The DMZ servers would route through the administrator’s PC and then access the internal patching server. After considering the author’s SSH design, however, I soon recognized definite security impacts to this approach.

Although several major security compromises are made possible through poor SSH design, does that mean that SSH is a likely target? Consider this: SSH is one of the most attacked services. As the SANS Institute states in its current top 20 vulnerabilities roundup, "Of particular interest this year are attacks against SSH." SSH is rated U1, the top UNIX vulnerability. Why is SSH such a target? In this article, you’ll learn why people are implementing SSH on Windows, mainframe, and UNIX devices. We’ll explore port forwarding, a cool SSH capability. Then we’ll take apart the clever administrator’s SSH design, including attacks against key authentication itself...

full article: http://www.informit.com/articles/printer...p?p=471099&rl=1
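
An added example, not part of the original post or the quoted articles: a small audit of the two settings the first quoted article calls out (password authentication and root logins) in the text of an `sshd_config`. The names `parse`, `audit`, `HARDENED` and `DEFAULTS` and the sample config are constructed for illustration, and the defaults table assumes upstream OpenSSH behaviour.

```python
import re

# Values the quoted article argues for: keys only, no root login.
HARDENED = {"passwordauthentication": "no", "permitrootlogin": "no",
            "pubkeyauthentication": "yes"}
# Upstream OpenSSH defaults when a keyword is absent (assumed; check `sshd -T`).
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password"}

def parse(config_text):
    """Return (global settings, Match-block settings). Include is not followed."""
    settings, overrides, match = {}, [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m or raw.lstrip().startswith("#") or not m.group(2).split():
            continue
        key, value = m.group(1).lower(), m.group(2).strip('"')
        if key == "match":
            match = value
        elif match is not None:
            overrides.append((lineno, match, key, value.lower()))
        else:  # sshd keeps the FIRST value it reads for a keyword
            settings.setdefault(key, (value.lower(), lineno))
    return settings, overrides

def audit(config_text):
    """List settings that still allow password or root logins."""
    settings, overrides = parse(config_text)
    findings = []
    for key, want in HARDENED.items():
        value, lineno = settings.get(key, (DEFAULTS[key], None))
        if value != want:
            where = f"line {lineno}" if lineno else "built-in default"
            findings.append(f"{key} is {value} ({where}), want {want}")
    for lineno, crit, key, value in overrides:
        if key in HARDENED and value != HARDENED[key]:
            findings.append(f"{key} is {value} in Match {crit} (line {lineno})")
    return findings

# Constructed sample: the second PermitRootLogin line is ignored by sshd.
SAMPLE = """\
PermitRootLogin yes
PermitRootLogin no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -T` prints the effective configuration, including compiled-in defaults and included files, and is the authoritative check.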