SSH Security Primer: Server Security Settings

Filed under
HowTos

My previous article in this series discussed SSH client security settings. To summarize, if you can’t control installations of rogue SSH clients, your only control is to limit outbound access through firewalling or other network-layer controls. Another of my articles discusses the issues with allowing outbound SSH access to the Internet.

SSH Servers: A Basic Risk Analysis

How do you secure your SSH servers? What are the total risks of such servers to your organization? You’re well aware of the possibility of people hacking your server and getting unauthorized access. That’s bad. But there are other risks. The SANS Institute’s Top 20 risk list really stresses SSH risks. If compromised, that host can be a router/forwarder that will forward any kind of traffic to any host the p0wned box can access—even your "secured" hosts given Internet Assigned Numbers Authority (IANA) reserved IP addresses. (Read RFC 3330 and RFC 1918 for the gory details on these addresses.) In most cases, those addresses aren’t accessible over the Internet.

More of a concern is your host’s threat to the rest of the Internet.

Full Story.
