
Thread: Best SSH Login Strategy

  1. #1
    Join Date
    Sep 2010
    Location
    Burlington, VT
    Beans
    132
    Distro
    Ubuntu 12.04 Precise Pangolin

    Best SSH Login Strategy

    Hello all. I run a web/file server at my house. I run ssh on it so I can ssh into it when I'm not at home or I can run sftp to grab random files.

    I currently only use password authentication for ssh logins. I know that this is quite insecure and that I should be using public/private keys.

    However I like being able to log in from pretty much any computer I want and be able to access my machine. The only reason I'm concerned now is looking at my auth.log file I have noticed tons and tons of automated log in attempts through ssh. While they are all stupid and will not get in it still concerns me.

    Now would there be any way to still allow me to log in from any computer through ssh yet keep out these automated (maybe eventually not automated) login attempts?

  2. #2
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Best SSH Login Strategy

    Security and convenience are often competing goals. Personally, I think you should never log in through SSH from "any computer" (in particular, any computer whose security status you cannot ascertain). If you do, you're insecure anyway so it's not like it matters. To cut the noise in auth.log, look at fail2ban.
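
The auth.log noise from the first post and the fail2ban suggestion above, as an added example that is not part of the original thread and is not fail2ban's own code: a sketch of the same idea, flagging any address with `maxretry` failed password attempts inside a `findtime`-second window. The log lines are constructed, the addresses are documentation ranges, and the year is an assumption because syslog timestamps carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format sshd writes to /var/log/auth.log.
SAMPLE_LOG = """\
Mar  3 04:12:01 server sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 04:12:03 server sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 04:12:06 server sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Mar  3 08:30:10 server sshd[2200]: Failed password for alice from 198.51.100.20 port 51515 ssh2
Mar  3 08:30:25 server sshd[2200]: Accepted password for alice from 198.51.100.20 port 51515 ssh2
Mar  3 09:00:00 server sshd[2300]: Failed password for root from 192.0.2.99 port 33000 ssh2
Mar  3 11:00:00 server sshd[2400]: Failed password for root from 192.0.2.99 port 33100 ssh2
Mar  3 13:00:00 server sshd[2500]: Failed password for root from 192.0.2.99 port 33200 ssh2
"""

# Matches failures for both existing and non-existent ("invalid user") accounts.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)

def find_offenders(log_text, maxretry=3, findtime=600, year=2014):
    """Return {ip: timestamp of the failure that crossed the threshold}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        # Drop failures that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= maxretry:
            banned[m["ip"]] = ts
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when}")
```

With the defaults only the rapid-fire address is flagged; the single mistyped password and the slow, hours-apart attempts stay under the threshold, which is why rate-based banning reduces log noise but does not replace a strong password or keys.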

  3. #3
    Join Date
    Sep 2010
    Location
    Burlington, VT
    Beans
    132
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Best SSH Login Strategy

    Quote: Originally Posted by Bachstelze
    Security and convenience are often competing goals. Personally, I think you should never log in through SSH from "any computer" (in particular, any computer whose security status you cannot ascertain). If you do, you're insecure anyway so it's not like it matters. To cut the noise in auth.log, look at fail2ban.
    Most of the ssh logins are through my laptop that I use. However I do use sftp occasionally on computers on campus when either my laptop is dead or I need a file on that machine for whatever reason. Is there any way around this?

    I will look into fail2ban though. thanks

  4. #4
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Best SSH Login Strategy

    Quote: Originally Posted by Hack.The.Pow.
    Most of the ssh logins are through my laptop that I use. However I do use sftp occasionally on computers on campus when either my laptop is dead or I need a file on that machine for whatever reason. Is there any way around this?
    SSH is not the only way to grab files. You can install Apache for example and put the files you want to download in your public_html.

    But if you want to use SSH, either you enable password authentication or you don't. There's no way around that that I know of.

  5. #5

    Re: Best SSH Login Strategy

    If you're going to use password authentication, at least use the PAM module for Google 2-step verification; that is, assuming you have an Android/iPhone/BlackBerry cellphone.

    fail2ban or denyhosts are good for securing ssh too.

  6. #6
    Join Date
    Sep 2006
    Beans
    7,953
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Best SSH Login Strategy

    If you carry a valid key on a USB-stick then you can use keys and still log in from random computers.
    The Truth Shall Make Ye Fret.

  7. #7
    Join Date
    Jul 2006
    Beans
    325

    Re: Best SSH Login Strategy

    just don't use the default port.

    change the port forwarding on the router, like from 9999 to 22 local.

    then just ssh -p 9999 ....

  8. #8
    Join Date
    Apr 2006
    Location
    Ubuntuland
    Beans
    2,124
    Distro
    Ubuntu 13.10 Saucy Salamander

    Re: Best SSH Login Strategy

    Quote: Originally Posted by boast
    just don't use the default port.

    change the port forwarding on the router, like from 9999 to 22 local.

    then just ssh -p 9999 ....
    Changing the port number does NOT in ANY way improve the security.
    24 beers in a case, 24 hours in a day. Coincidence? I think not!

    Trusty Tahr 64 bit, AMD Phenom II 955 Quad Core 3.2GHz, GeForce 9600 GT
    16G PC2-6400 RAM, 128 GB SSD, Twin 1TB SATA 7200 RPM RAID0

  9. #9
    Join Date
    Jul 2006
    Beans
    325

    Re: Best SSH Login Strategy

    Quote: Originally Posted by Slim Odds
    Changing the port number does NOT in ANY way improve the security.
    oh yes it does. I would bet $100 those bot login attempts will go away.

    He is not trying to defend himself from a targeted attack....

  10. #10
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Best SSH Login Strategy

    Quote: Originally Posted by boast
    oh yes it does. I would bet $100 those bot login attempts will go away.

    He is not trying to defend himself from a targeted attack....
    The bot login attempts are only a security threat if your password is lousy in the first place. I hope we can all agree that having a lousy password is always a bad idea.
