Results 1 to 7 of 7

Thread: SSH Server Sandbox

  1. #1
    Join Date
    Aug 2009
    Beans
    14

    SSH Server Sandbox

    I like to setup an SSH-Server on my desktop computer for remote access. Some time ago I found an article about doing this somehow in a sandbox such that possible break-ins go into the void. Does anybody know how this works and do I lose functionality when using the sandbox?Thanks a lot,Ubentoo

  2. #2
    Join Date
    Jun 2007
    Beans
    1,941

    Re: SSH Server Sandbox

    Are you talking about BasciChroot...? Doesn't sound like it based on your description, but I'm not sure what you are describing.

  3. #3
    Join Date
    Sep 2007
    Location
    England
    Beans
    1,103

    Re: SSH Server Sandbox

    it's probably easier to install something like denyhosts or fail2ban

    These are daemons that monitor /var/log/auth.log, and if they detect suspicious activity (brute forcing SSH login, for example) they add that IP to /etc/hosts.deny which bans the IP from further connections

  4. #4
    Join Date
    Mar 2007
    Location
    Wenatchee, WA
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: SSH Server Sandbox

    If your machine is behind a router with a firewall, and/or has a firewall on the local box itself, you can control or at least cut down on where you accept ssh connections from. And if you use passwordless ssh (with keys)... it becomes very difficult for someone to break into your ssh login at all, at which point the whole 'sandbox' thing starts to seem like a wee bit of overkill. An interesting exercise, though...

  5. #5
    Join Date
    Aug 2009
    Beans
    14

    Re: SSH Server Sandbox

    Thank you very much, I think Basic Chroot was the thing I was looking for. Fail2ban is of course good against attackers, but in case of a successful intrusion a sandbox seems to be nice.

  6. #6
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: SSH Server Sandbox

    Instead of chrooting ssh, why not just use key authentication and disable password authentication, and leave it at that?

    That would effectively prevent someone from authenticating with a password.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  7. #7
    Join Date
    Nov 2005
    Beans
    12

    Re: SSH Server Sandbox

    You might consider using port blocking that could be used to open and close port 22 in iptables

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •