Top 20 OpenSSH Server Best Security Practices

Posted in categories CentOS, Debian Linux, fedora linux, FreeBSD, Gentoo Linux, Howto, Linux, Networking, package management, RedHat/Fedora Linux, Security, Suse Linux, Sys admin, Tips, Ubuntu Linux, UNIX; last updated January 31, 2016

OpenSSH is an implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect for keeping the confidentiality and integrity of data exchanged between two networks and systems. However, the main advantage is server authentication through the use of public key cryptography. From time to time there are rumors about an OpenSSH zero-day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

What To Do: Users Still Want Telnet

Posted in categories CentOS, fedora linux, GNU/Open source, High performance computing, Howto, Linux, package management, RedHat/Fedora Linux, Security, Ubuntu Linux, UNIX; last updated August 26, 2008

TELNET (TELecommunication NETwork) is a network protocol used on the Internet or local area network (LAN) connections. It was developed in the late 60s with RFC 15. Telnet is a pretty old way of logging in to remote systems, and it has serious security problems. Most admins will recommend using OpenSSH (secure shell) for all remote activities. But you may find users who still demand telnet over ssh because they are comfortable with Telnet. Some users have scripts written in the 90s and they don't want to change them. So what do you do when users demand telnet?

Download of the Day: OpenSSH Server 5.0 (security fix release)

Posted in categories Data recovery, Howto, Linux, Networking, OpenBSD, Security, UNIX; last updated April 8, 2008

One of the most popular remote server management services has just released a security fix version. This version avoids possible hijacking of X11-forwarded connections by refusing to listen on a port unless all address families bind successfully. You can download OpenSSH Server from the official project web site or wait for your distro to release an updated version.

Chroot in OpenSSH / SFTP Feature Added To OpenSSH

Posted in categories Howto, Linux, Networking, OpenBSD, Security; last updated February 20, 2008

For regular user accounts, a properly configured chroot jail is a rock solid security system. I've already written about chrooting sftp sessions using rssh. According to the OpenBSD Journal, OpenSSH devs Damien Miller and Markus Friedl have recently added a chroot security feature to OpenSSH itself:

Unfortunately, setting up a chroot(2) environment is complicated, fragile and annoying to maintain. The most frequent reason our users have given when asking for chroot support in sshd is so they can set up file servers that limit semi-trusted users to be able to access certain files only. Because of this, we have made this particular case very easy to configure.

This commit adds a chroot(2) facility to sshd, controlled by a new sshd_config(5) option “ChrootDirectory”. This can be used to “jail” users into a limited view of the filesystem, such as their home directory, rather than letting them see the full filesystem.

Happy 8th Birthday, OpenSSH!

Posted in categories News, OpenBSD; last updated September 27, 2007

OpenSSH is the most prominent implementation of the SSH protocol. I can't imagine my life without OpenSSH. Almost all of my devices, servers and network equipment, such as routers and tiny embedded devices, have OpenSSH these days.
From the OpenBSD Journal:

Eight years ago today, Sept 26 1999, Theo de Raadt committed the initial source code for OpenSSH to the OpenBSD repository. The code was a fork of Björn Grönvall’s OSSH, which was derived from an early version of the increasingly “less free” ssh from Tatu Ylönen.