Blog

Best Practices for Security in SSH

09.10.2020 Read
Best Practices for Security in SSH

Secure Shell (abbreviated as SSH) is a network protocol that aims to offer an extra layer of protection. In this article, we will discuss how you can ensure the security of your network using SSH. Keep reading to learn more!

With the advancements in technology, many business processes we carry out today heavily relies on the internet, online tools and connected devices. That is why taking the necessary precautions to ensure the network security has utmost importance: If/when an organization fails to secure their network, they are open to cyber attacks which can result in data breaches, losing digital assets, losing business and even going out of business.

In this article, we will discuss SSH (Secure Shell), why it is important for the network security practices and what you can do to secure SSH. Keep reading to learn!

What is SSH?

SSH (also known as the Secure Shell or Secure Socket Shell) can be defined as a cryptographic network protocol. SSH aims to give the users (mostly the system administrators) a secure means to reach a computer within a network.

Although SSH is often used for applications like remote login, remote command line and remote command execution, almost all network services can be secured with the use of SSH.

Secure Socket Shell employs the public-key cryptography methods in order to carry out authentication processes for the remote computer. You can opt for various different ways to use SSH -for instance you can first encrypt your network connection by using automatically generated key pairs (public-private key pairs), then you can go for password authentication for logging on. Or you can opt for using a manually generated key pair (public-private) for the authentication process. This way you can let the users and/or programs log in without hassling with a password.

What does SSH do?

SSH offers two main functions:

  • Logging on to remote systems and running terminal sessions, remote commands and such on these remote systems.
  • Transferring files between remote systems on the same network.

Before SSH was developed and popularized, different methods were in use for each of these functions:

Insecure emulation or login programs like rlogin, Telnet and remote shell (rsh) for remote log on and running remote terminal sessions.

File transfer programs like rcp (remote copy) and File Transfer Protocol (FTP) for file transfer purposes in the network.

How to secure SSH

If you want to make sure that your SSH server is impenetrable and secure, you should follow the steps below:

  1. Set a custom SSH port. By default, SSH is set to be listening on port 22. Unfortunately, almost all cyber attackers know that. That is why changing it to something random like Port 821 offers an additional layer of security by obscurity.
  2. Employ TCP wrappers. TCP Wrappers offer a host-based ACL protection that will allow you to sort out and filter who is able to access the SSH server.
  3. Disable root login. Another default setting of the SSH server is that it allows root login on Unix and Linux operating systems. Since this feature can easily be exploited by the cyber attackers, we advise you to disable it.
  4. Disable empty passwords. Again, in Unix and Linux operating systems, SSH server allows the users to create empty passwords which practically mean keeping the door open for intruders. Make sure that no user opts for an empty password by disabling the option.
  5. Block SSH brute force attacks. In order to do so, you can opt for manually going through the system logs, detect the intruders and block them by using the firewall. Another (and much easier) method is using tools like Fail2ban, SSHGuard and such.

WRITTEN BY

Logsign Team

RELATED TAGS

Related Blog Posts

Discover All
Data Management on Logsign SIEM: What you must know

07.10.2020

Data Management on Logsign SIEM: What you must know

In this article, we explore data management on Logsign SIEM, covering policies, lookup tables, data connections, backup, and signature...

Learn more
SIEM Alerts Best Practices

05.10.2020

SIEM Alerts Best Practices

In this article, we discuss SIEM alerts best practices and how you can implement them for your organization on Logsign SIEM.

Learn more

02.10.2020

Logging of security events in SIEM

This article discuss logging of security events by a SIEM solution.

Learn more
Discover All