Ini, Itu, dan Anu

Secure Shell (SSH) is a very handy network protocol which a network/system administrator might use all the time. SSH provides us with the capabilities of data communication, remote login and remote command execution. As a network/system administrator we might be faced with the responsibilities of managing a large amount of server computers. Imagine the pains we would suffer if we have to keep moving around and connecting monitor and keyboard (if we have more computers than monitors) from one computer to another every time we have to manage them. To make our life easier, we can use the SSH protocol with the concept of client server between computers connected on the same network. We just need to run SSH server service on the server side and use our SSH client to do our job from our workstation.

For every network service running, there will always be vulnerabilities following. The same goes with SSH. Here are some basic things we can do to improve the security of our SSH system:

1. Limit users and groups
   We can use the concept of white-listing and black-listing users and groups from SSH access. Adding these lines on sshd_config file will give them the only access to connect through sshd daemon and deny other users and groups.
   AllowGroups [GROUPNAME]
AllowUsers [USERNAME1] [USERNAME2]
2. Use non-standard port
   The default port for SSH is TCP port 21, so let’s say someone manage to get your system’s login username and password through SQL injection attack, they might try to find out whether our system has a running SSH daemon or not using port scanner. So we can try to hide it into another common port like TCP port 80. The result of port scanning might think it was a HTTP port.
3. Firewall
   The use of firewall is a very basic things to do when we try to harden our system. Try to make some rule for SSH’s TCP port 21 like creating iptables rules for a limited number of IPs which can connect to your port.
4. SSH key pairs
   Disabling password-based authentication and using SSH key pair is very helpful if you give SSH access to some users which doesn’t always has strong password. It also help preventing brute force attacks to succeed.
5. Limit authentication tries
   You can prevent brute force attacks by giving a limited number of tries for authentication process. When attacker tried a few false password your system can ban them from trying again for a certain period of times. denyhosts and fail2ban can be used for this task, while denyhosts can only work to deny SSH daemon, fail2ban can also be used for other services like FTP.

• Author
• Recent Posts

Satrio G. Nugraha

Satrio is a self-proclaimed technology geek. He is currently employed by IBM Indonesia as an IT Specialist which handles IBM xSeries servers, IBM zSeries mainframes and multi vendor network devices. He listens to various kinds of musics (he personally believes that music should not be put into boxes such as genres and everybody is free to listen to whatever kind of music whenever they feel like it).

Latest posts by Satrio G. Nugraha (see all)

• In search of linux distro with beautiful desktop - October 21, 2015
• Mount Network Drive Using Windows CMD - January 28, 2015
• Install Dropbox on Linux - January 25, 2015

brute force, firewall, hacking, security, ssh