[kwlug-disc] Tightening up SSH
adamglauser at gmail.com
Mon Jul 19 09:10:45 EDT 2010
On 19/07/2010 8:37 AM, Johnny Ferguson wrote:
> Recently I've been seeing a lot of activity in /var/log/auth.log (of the
> sshd sort). Sometimes 5 straight hours of brute force attacks.
Yikes! I guess I should start checking my logs too.
> SO, just wondering what advice anyone could offer on hardening SSH. I
> might be a little paranoid, but I think it's still in the range of being
As Dave Cramer mentioned, it is best to use public key authentication
instead of username/password authentication. The odds of a brute-force
attack succeeding go up dramatically. I suspect that no one even
bothers, and instead goes after the ssh servers that use
username/password authentication. This can be a bit of a hassle
however, as you need to have your keypair available whenever you want to
sign in to your ssh server.
> P.S. How do 2 machines determine an encryption key and communicate this
> to eachother without giving the key away? Are there any good articles on
> how SSH works and what potential vulnerabilities are?
SSH uses the Diffie-Hellman Key Exchange protocol to establish a shared
secret for the session. It's pretty cool stuff, the Wikipedia article*
has a pretty good explanation of the theory. You might want to read a
bit about modular arithmetic** first if you don't already understand it.
RFC4419*** describes some of the security considerations surrounding the
More information about the kwlug-disc_kwlug.org