Ssh

Tutorial: Top 20 OpenSSH Server Security Tips

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via SCP or SFTP, and much more. SSH is ideal for protecting the confidentiality and integrity of data exchanged between two networks and systems. However, its main advantage is server authentication through the use of public-key cryptography. From time to time there are rumors about an OpenSSH zero-day exploit. Here are a few things you need to tweak to improve OpenSSH server security.

Default config files and the SSH port

/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - User's SSH configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user's account.
/etc/nologin - If this file exists, sshd refuses to let anyone except root log in.
/etc/hosts.allow and /etc/hosts.deny - Access control lists that should be enforced by tcp-wrappers are defined here.
SSH default port: TCP 22

Tip No. 01: Disable the OpenSSH server

Laptops and workstations work without an OpenSSH server. If you do not use remote login and file transfer over SSH, disable and remove the sshd server. RHEL / Fedora / CentOS Linux users can disable and remove openssh-server with the yum command:


SSH via HTTP - proxytunnel

SSH is a hugely powerful tool for communicating with and manipulating remote machines, and as a result many companies fear it and try to block it. As such, many corporate firewalls block port 22, the port naturally used by SSH. However, few corporations can afford to block ports 80 or 443, the ports designated for HTTP traffic.

It is possible to work around these firewalls by configuring SSH to listen on either port 80 or 443. However, this approach is only suitable if you are not already using, or planning to use, port 80 or 443 to serve your websites.

There is, however, another option. If you are running an Apache webserver, you can configure it to act as an HTTP or HTTPS proxy and use it to forward SSH traffic that comes in on ports 80 and 443 to your SSH server.
