SSH: a Modern Lock for Your Server?


Federico Kereki

In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.

Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.

Fox Technologies

Table of Contents: 
  • Introduction
  • What Is SSH?
  • Is SSH Unbreakable?
  • Tips for Hardening SSH
    • Change the Standard SSH Port
    • Make Users Knock for Access
    • A void Configuration Weaknesses
    • Prefer Keys over Passwords
    • Limit Password-Based Logins
    • Enable Access Rules
    • Use PAM (Pluggable Authentication Modules) for Checks
    • Block Brute-Force Attacks
  • Upgrading the Lock: SSH Management
    • Standards, Policies and Compliance Requirements
    • SSH Management Risks
    • Software Management Requirements
  • Conclusion
About the Author: 

FEDERICO KEREKI is a Uruguayan systems engineer with more than 25 years of experience doing consulting work, developing systems and teaching at universities. He is currently working as a UI Architect at Globant, using a good mixture of development frameworks, programming tools and operating systems—and FLOSS, whenever possible! He has written several articles on security, software development and other subjects for Linux Journal, IBM developerWorks and other Web sites and publications. He also wrote the Essential GWT book.