SSH Security Primer: Server Security Settings
My previous article in this series discussed SSH client security settings. To summarize, if you can’t control installations of rogue SSH clients, your only control is to limit outbound access through firewalling or other network-layer controls. Another of my articles discusses the issues with allowing outbound SSH access to the Internet. If unmonitorable tunnels into your intranet are not a concern, then you have the following goals:
- Securing the user’s private key
- Ensuring that the authentication of SSH servers isn’t disabled (or too trivially reconfigured by users automatically trusting any and all server keys)
- Making sure that files sourced at SSH startup aren’t hacked, etc.
There, that was easy.
Before you read this article, please review the OpenSSH man pages for the daemon and the OpenSSH client. OpenSSH has a pretty righteous FAQ as well. Review all the technical background yourself, because I can’t do that in this article. Consider a good SSH book, and go to Safari to check out the hundreds of hits from many, many books.
SSH Servers: A Basic Risk Analysis
How do you secure your SSH servers? What are the total risks of such servers to your organization? You’re well aware of the possibility of people hacking your server and getting unauthorized access. That’s bad. But there are other risks. The SANS Institute’s Top 20 risk list really stresses SSH risks. If compromised, that host can be a router/forwarder that will forward any kind of traffic to any host the p0wned box can access—even your "secured" hosts given Internet Assigned Numbers Authority (IANA) reserved IP addresses. (Read RFC 3330 and RFC 1918 for the gory details on these addresses.) In most cases, those addresses aren’t accessible over the Internet.
More of a concern is your host’s threat to the rest of the Internet. With poor security, the unmonitorable SSH pipe leads from your host to the Internet itself. What will you do when your mail servers are blacklisted because of your machine being every spammer’s holiday present? Poorly secured SSH servers are a threat both to your organization and to other organizations, and just may get you blacklisted. Obviously, it’s important to secure these servers.
Server security offers many more options than client security. It’s important to establish your baseline server security before configuring the first OpenSSH server. Let’s dive in.