Security
There have been several security issues identified with the SSH. Also Security web sites have noticed recently that hackers have been running scans searching the SSH service and trying to crack a login and password into systems. This brings up some all important issues when dealing with the SSH program.
First off the latest version of SSH should always be installed. As of this post the latest version of OpenSSH is 3.9 released Aug 17, 2004. The second thing to do is ensure your public and private keys are secured with proper file permissions.
These two steps fix the majority of the issues people have had with the SSH agent. Occasionally there are issues of password brute force attempts. Ensuring you use a strong password is the first step along with safeguarding your public and private keys.
The Network scanning site has identified several security issues with version 2.3.1, 2.5.x, 3.0.1 and port forwarding with 2.3.0.
I have also identified a security issue when you are using X11 Forwarding in that the connection is a two way connection and anyone you can connect to can connect back into you.
************************************* UPDATE **************************
Geekspeek.org has a post on some security steps to take when configuring SSH, the file which needs to be reconfigured is /etc/ssh/sshd_config. The one main difference which isn't covered in the configuration post is the line which reads: Protocol 2; if there is a 1 after the 2, remove the 1. This tells SSH which versions of SSH to run. there are too many security issues with the first version of SSH to even consider running. There is also a comment regarding the UsePrivilegeSeparation line which the only information I've been able to find is that this feature is not compatible with SSH version 3.2 or earlier.
To return to the main directory for SSH Tutorials.
First off the latest version of SSH should always be installed. As of this post the latest version of OpenSSH is 3.9 released Aug 17, 2004. The second thing to do is ensure your public and private keys are secured with proper file permissions.
These two steps fix the majority of the issues people have had with the SSH agent. Occasionally there are issues of password brute force attempts. Ensuring you use a strong password is the first step along with safeguarding your public and private keys.
The Network scanning site has identified several security issues with version 2.3.1, 2.5.x, 3.0.1 and port forwarding with 2.3.0.
I have also identified a security issue when you are using X11 Forwarding in that the connection is a two way connection and anyone you can connect to can connect back into you.
************************************* UPDATE **************************
Geekspeek.org has a post on some security steps to take when configuring SSH, the file which needs to be reconfigured is /etc/ssh/sshd_config. The one main difference which isn't covered in the configuration post is the line which reads: Protocol 2; if there is a 1 after the 2, remove the 1. This tells SSH which versions of SSH to run. there are too many security issues with the first version of SSH to even consider running. There is also a comment regarding the UsePrivilegeSeparation line which the only information I've been able to find is that this feature is not compatible with SSH version 3.2 or earlier.
To return to the main directory for SSH Tutorials.
<< Home