13,420
edits
Changes
no edit summary
<u>'''Establishing a Safe SSH Connection: Public Key Authentication'''</u>
[[Image:spoof.png|thumb|right|485px|If you receive a message like the one displayed above, you should investigate why it is happening as it could indicate a '''serious security issue''', or it could just mean that something on '''the host has changed'''(i.e. the OS was <u>reinstalled</u>)]]
When a user connects to a host using ssh, the host sends a fingerprint or digital signature to the client to establish its identity. The first time a connection is established the identity must be stored for subsequent connections. The fingerprints are stored separately for each user in a file called <code>~/.ssh/known_hosts</code> . <br /><br />From now on when you connect to that host the client will compare the received fingerprint against the list of known hosts before connecting. If the fingerprint does not match it could indicate somebody had setup a system to impersonate the computer you wish to connect to and you would receive a message similar to depicted in the diagram on the right.
==INVESTIGATION 2:==
<u>'''Using SSH Effectively'''</u>
When you have created an SSH server, then users can take advantage of secure shell tools (including the '''scp''' and '''sftp''' utilities)
The ssh client utility also contains many options to provide useful features or options when establishing secure connections between servers. One of these features is referred to as '''tunnelling''' - this term refers to running programs on remote servers (i.e. running the program on a remote server, yet interacting and viewing program on your local server. Since '''X-windows''' in Linux is a support <u>layer</u> to transmit graphical information efficiently between servers, ssh tunnelling becomes more useful and important to allow organizations to work efficiently and securely in a user-friendly environment.
<u>'''Making SSH More Secure'''</u>
Anytime you configure your computer to allow logins from the network you are leaving yourself '''vulnerable to potential unauthorized access''' by so called "hackers". Running the sshd service is a fairly common practice but '''care must be taken to make things more difficult for those hackers that attempt to use "brute force" attacks to gain access to your system. Hackers use their knowledge of your system and many password guesses to gain access'''. They know which port is likely open to attack (TCP:22), the administrative account name (root), all they need to do is to "guess" the password.<br><br> Making your root password (and all other accounts!) both quite complex but easy to remember is not hard.
The Linux system administrator can also '''configure the SSH server to make the SSH server more secure'''. Examples include not permitting root login, and change the default port number for ssh.
<u>'''Deceiving the "Hacker"'''</u>
To help harden (protect a server from attack or "penetration"), system or security administrators have the ability to "trick" or "mislead" a potential hacker in order to prevent system penetration.
In this part, you will learn to use a combination of '''SSH server configuration''' and '''iptables rules''' to <u>redirect</u> the SSH port to allow secure data traffic via another port (as opposed to the default port: 22), and use iptables to reject (better log) incoming tcp traffic via the default port.
What is the result of this?
Simple. Permit the SSH service for the organization, and yet '''trick and confound the potential hacker''' into thinking that ssh traffic is used on a port that is no longer available (but they may not know this!)
Sneaky! >;)
{{Admon/important |Be Aware of the Following Issues| Be aware of these common mistakes that students make that can cause problems for their future labs.}}
* Not following instructions
* Not constantly issuing commands to verify previous command were properly executed
