Language Selection

English French German Italian Portuguese Spanish

SSH Security Primer: Server Security Settings

Filed under

My previous article in this series discussed SSH client security settings. To summarize, if you can’t control installations of rogue SSH clients, your only control is to limit outbound access through firewalling or other network-layer controls. Another of my articles discusses the issues with allowing outbound SSH access to the Internet.

SSH Servers: A Basic Risk Analysis

How do you secure your SSH servers? What are the total risks of such servers to your organization? You’re well aware of the possibility of people hacking your server and getting unauthorized access. That’s bad. But there are other risks. The SANS Institute’s Top 20 risk list really stresses SSH risks. If compromised, that host can be a router/forwarder that will forward any kind of traffic to any host the p0wned box can access—even your "secured" hosts given Internet Assigned Numbers Authority (IANA) reserved IP addresses. (Read RFC 3330 and RFC 1918 for the gory details on these addresses.) In most cases, those addresses aren’t accessible over the Internet.

More of a concern is your host’s threat to the rest of the Internet.

Full Story.

More in Tux Machines

Linux Mint Devs Want to Know How Many Gamers Are Using the OS

The Linux Mint developers are polling the Linux community to find out how many people are playing games and what they can do to improve the things on their side. Read more

Omnibond Releases CloudyCluster on Red Hat Enterprise Linux in the AWS Marketplace

Today Omnibond announced the release of CloudyCluster running on Red Hat Enterprise Linux in the AWS Marketplace, establishing a new level of HPC research and discovery available to everyone. Read more

More OpenSUSE Leap Linux Kernel Benchmarks

Earlier this week I posted a number of openSUSE Leap benchmarks of their different kernels: debug, default, desktop, and vanilla. Here's some follow-up tests with more results from comparing the openSUSE 42.1 Leap Beta kernel builds. The tests are very similar to the article earlier this week, just with many more data-points now after seeing the performance differences from the initial test suite. Read more

LinuxCon 2015 Report: Dirk Hohndel Chats with Linus Torvalds

For many LinuxCon attendees, one of the biggest event highlights is the opportunity to rub elbows with the people who actually write the Linux code. The only thing that can top that? Hearing from Linus Torvalds himself, the man who created it 24 years ago and still writes the code to this day. Read more