Threaded Mode | Linear Mode

***mandy*** · 04-22-2006, 11:46 AM,

Quote:Here is a quick way to drastically improve the security of your OpenSSH server installations...

From personal experience with clients over the years, I have found that most administrators tend to install an SSH server and leave it at its default settings, typically to allow password authentication and root logins. Many don't even know that there is an alternative (key-based authentication), or they think the alternative is too hard to use. It is not - it takes all of five minutes to configure key-based authentication and disable root logins, and the security gains are enormous. Below, I'll step you through the process. I add comments where a step may not be needed.

Configuring and Testing Key-Based Authentication
This is not really a hard as it seems....

full article: http://geekpit.blogspot.com/2006/04/five...e-ssh.html

***mandy*** · 05-27-2006, 08:30 AM,

A related article discusses ways to avoid creating exploitable holes in your system when you implement SSH:

Quote:SSH as Salvation?

Some years ago I started doing research on SSH, the wonder tool of the security set. I read one article about a clever SSH setup. The administrators DMZ hosts could contact the intranet patching server, something normally verboten. The DMZ servers would route through the administrators PC and then access the internal patching server. After considering the authors SSH design, however, I soon recognized definite security impacts to this approach.

Although several major security compromises are made possible through poor SSH design, does that mean that SSH is a likely target? Consider this: SSH is one of the most attacked services. As the SANS Institute states in its current top 20 vulnerabilities roundup, "Of particular interest this year are attacks against SSH." SSH is rated U1, the top UNIX vulnerability. Why is SSH such a target? In this article, youll learn why people are implementing SSH on Windows, mainframe, and UNIX devices. Well explore port forwarding, a cool SSH capability. Then well take apart the clever administrators SSH design, including attacks against key authentication itself...

full article: http://www.informit.com/articles/printer...p?p=471099&rl=1