Hardening SSH

/..

<WHAT>

SSH (Secure Shell) is a networking protocol that provides an encrypted remote connection between a client and a server. This secure link allows for tasks such as copying files, downloading data, and configuring a host through an encrypted connection. SSH typically operates on port 22, though this can be changed based on the configuration file in ‘/etc/ssh/sshd_config’. A PC can function as both a client and a server depending on the task.

To connect via SSH, you might use commands like these:

#Lets connect to bob via SSH in different ways
D3F3ND3R@hi-world:~$ ssh bob@localhost #via localhost 
D3F3ND3R@hi-world:~$ ssh [email protected] #via an IP 
D3F3ND3R@hi-world:~$ ssh [email protected] #via hostname
D3F3ND3R@hi-world:~$ ssh [email protected] #via domain

<WHY>

When using SSH, it’s essential to implement robust security measures to protect your system from potential threats. Hackers frequently deploy bots, compromised machines controlled remotely, to scan the internet for open services, and SSH is often a prime target. If an attacker gains access to your SSH server, they could potentially compromise critical systems and sensitive data since SSH is used for remote access and management.

<HOW>

To harden your SSH server and enhance security, consider implementing the following measures. While the order of these steps is flexible, applying multiple security practices makes it more difficult for attackers to breach your server:

  1. Change the Default Port Number: Move SSH from default port 22 to a random port. This will mitigate the chances of automated scans done by attackers to scan for port 22 on the internet.
  2. Disable Root Login: Prevent direct root access by configuring SSH to disallow root logins.
  3. Enable SSH Key Auth: Disable password authentication and use key-based authentication instead of passwords. SSH keys are significantly harder to crack compared to password-based logins.
  4. Implement Multi-Factor Authentication (MFA): Add an extra layer of security by requiring an additional form of authentication.
  5. Verify Fingerprints and Monitor Logs: Regularly check SSH key fingerprints to ensure they match those expected for your client and server. Also, actively monitor SSH logs for any suspicious activity or unauthorized access attempts.

<DEMONSTRATION>

For a detailed step-by-step guide, I recommend watching my demonstration video. In the video, I demonstrate the following:

  1. Attack Simulation [Bonus :)]: Perform a network scan and brute force attack on the SSH server as an attacker.
  2. Remediation: Applying various security measures on the SSH server to defend against such attacks as a Linux admin.

This hands-on lab helps visualize the implementation of security measures and effectiveness in safeguarding your SSH server from potential threats. For those who are not comfortable using the terminal, I also provide explanations of what these commands do.