On Wednesday 14 March 2007 10:04, Dan Shoop wrote:
> At 9:18 AM -0700 3/14/07, Dominic Lepiane wrote:
> >
> >There are consequences no matter what course of action you take. I would
> >say generally SSH is a secure service (assuming you update your server
> >regularly) but be aware:
> >
> >a) SSH scans/probes are very common right now. Accounts with very bad
> >passwords may get compromised by these worms. Moving to a non-standard
> > port would circumvent this.
>
> Not really. You just disguised the port but any smart attacker will
> notice the service running on another port and switch to targeting
> that.
>
This is true; a persistent attacker will not be fooled by a different port. I
meant to say that for the worms that are currently out there scanning every
server on the planet, you can avoid being part of the automatic scan by
changing port.

This will not prevent a determined attacker; however, password strength is a
challenge of all systems, and in the case of SSH you must be aware that there
are worms active on the Internet right now that will attack your SSH
installation if you run the service on the default port.

> >b) If you allow ssh-keys (default), then you may have users who create
> >unprotected keys. Those keys will get compromised; people who don't set
> >passwords on keys tend to have other bad security practises too. Once a
> >user's key is compromised, then their account on your systems is next.
>
> Allowing ssh keys doesn't mean they're used. If you don't use them
> then this situation is moot. If you do use them they are more likely
> to be secure than the user's password.
>
That's misleading. Far too many users use ssh-keys so they can have
a "passwordless" login and set up their keys without passwords instead of
using a key agent. This is a very real risk and I've seen break-ins happen
like this. If keys had not been used in these cases, the attacker would
still have needed login credentials to access our systems. SSH keys are
great if the person using them is security-conscious, but as a system
administrator, I cannot enforce good passwords on client systems and this is
a drawback.

> >In any case, this is only granting user-level access. This is enough for
> > the attacker to run spam-bots and such or try escalation attacks, but
> > it's not super-user access. Those are the weaknesses I am aware of so if
> > anyone knows of other risks running SSH, please pipe up.
>
> This is true for any account access the user has.

Exactly. Every system has its weaknesses. Specifically, every system with
users has its weaknesses ;)
--
Dominic Lepiane
The IRMACS Centre
Simon Fraser University
Email/JID: email@hidden
Office: (604)268-7369
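
An added example, not part of the original message: a Python check for the unprotected-key problem discussed above, limited to private keys stored on hosts you administer (it cannot see keys on client machines). It classifies a key file by its header, covering legacy PEM and the newer OpenSSH container; the function names and the header-only sample are constructed for illustration.

```python
import base64
import os
import struct

MAGIC = b"openssh-key-v1\0"

def _read_string(buf, off):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_protection(text):
    """Classify private-key file text as 'encrypted', 'unprotected' or 'unknown'."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN ") or "PRIVATE KEY" not in lines[0]:
        return "unknown"
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]), validate=True)
            if not blob.startswith(MAGIC):
                return "unknown"
            cipher, off = _read_string(blob, len(MAGIC))
            kdf, _ = _read_string(blob, off)
        except (ValueError, struct.error):  # bad base64 or truncated header
            return "unknown"
        return "unprotected" if (cipher, kdf) == (b"none", b"none") else "encrypted"
    # PKCS#8 marks encryption in the armor line; legacy PEM uses a Proc-Type header.
    legacy_enc = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])
    return "encrypted" if "ENCRYPTED" in lines[0] or legacy_enc else "unprotected"

def audit(root):
    """Walk root and return sorted paths of private keys stored without a passphrase."""
    hits = []
    for d, _, files in os.walk(root):
        for p in (os.path.join(d, f) for f in files):
            try:
                with open(p, errors="replace") as fh:
                    if key_protection(fh.read(65536)) == "unprotected":
                        hits.append(p)
            except OSError:  # unreadable file: skip it
                continue
    return sorted(hits)

def sample_openssh(cipher, kdf):
    """Constructed header-only sample (no key material) in the OpenSSH container."""
    body = MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in (cipher, kdf, b""))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{base64.b64encode(body).decode()}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Run `audit("/Users")` (or the relevant home directory root) as a user able to read the key files; anything it returns is a key that grants login with no passphrase if copied.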