VNC2Me

SSH server security risk
SSH server security risk 3 years, 8 months ago #27

  • unggnu
I like the idea of tunneling connections through SSH, but the problem is that in the future I will be sending an exe file (most likely a self-extracting archive, I guess) with my SSH password and username through the net. Even if I disable shell accounts for the SSH user, it is still possible to forward ports of my server/router/computer, so an attacker could bypass the firewall.
What can be done about this or do I get this wrong?
The pro of SSH is that a simple router could be used for it but ...

Re:SSH server security risk 3 years, 8 months ago #31

  • JDaus
unggnu wrote:
I like the idea of tunneling connections through SSH
It's not a new idea, but I hope I make it a bit easier for others to use SSH tunneling ...
the problem is that in the future I will be sending an exe file (most likely a self-extracting archive, I guess) with my SSH password and username through the net. Even if I disable shell accounts for the SSH user, it is still possible to forward ports of my server/router/computer, so an attacker could bypass the firewall.
What can be done about this or do I get this wrong?
You got this right ... to a degree ... in one word: DMZ (even though it's NOT actually a word, but an acronym).

For you to be providing any service to the internet (including SMTP, POP etc.) without a DMZ is simply crazy. True, the above examples DO NOT provide login credentials with the software, but hackers find vulnerabilities in major systems regularly.

The best security you can get is security in isolation ... nothing connected, no-one using it, no security risk...

But alas, that is not possible for what we want to do, so try to layer the security (like an ogre or onion) - follow me here ...
  1. The user has no shell (but the shell application exists, and holds the connection to allow tunnel creation)
  2. The system is a dedicated VPS for SSHD only (bare BARE essentials only - kernel, drivers, IPv4, iptables)
  3. The BOX (including other VPSs) contains no secure data (or it is at bare minimum encrypted)
  4. Finally, that the network is segmented such that the BOX cannot connect outside of its DMZ (but SSH connections can be established to it, preferably not running on port 22 - 443 is good)


The pro of SSH is that a simple router could be used for it
Too right ... the above situation can be performed using a 200MHz processor (I have it running still) ... so your old computers become useful again

Hope this makes sense, as it's late at night after a hectic fortnight ...
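
The first layer in the list above (a tunnel account that can do nothing but hold its tunnel) can be checked against the server's sshd_config. The following is an added example, not part of the thread or of VNC2Me: a simplified audit that reports what leaked credentials for the tunnel account would still permit. The account name `tunnel`, port 5900, the `ForceCommand` path and the reverse-tunnel model are assumptions made for illustration.

```python
# Added example: simplified audit of sshd_config for a tunnel-only account.
# Assumption: only global lines and literal "Match User a,b" blocks are modelled.
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any", "permitlisten": "any",
            "permittty": "yes", "forcecommand": ""}  # OpenSSH defaults

def effective_settings(config_text, user):
    """Settings applied to `user`: Match block overrides global, first value wins."""
    global_opts, user_opts = {}, {}
    target = global_opts
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            crit = value.split()
            hit = len(crit) == 2 and crit[0].lower() == "user" and user in crit[1].split(",")
            target = user_opts if hit else {}  # settings of other blocks are discarded
        else:
            target.setdefault(key, value)
    return {**DEFAULTS, **global_opts, **user_opts}

def audit_tunnel_user(config_text, user):
    """Return findings describing what stolen credentials for `user` would allow."""
    s = {k: v.lower() for k, v in effective_settings(config_text, user).items()}
    fwd, findings = s["allowtcpforwarding"], []
    if fwd in ("yes", "all", "local") and s["permitopen"] == "any":
        findings.append("local forwarding can reach any host:port the server can reach")
    if fwd in ("yes", "all", "remote") and s["permitlisten"] == "any":
        findings.append("remote forwarding can listen on any unprivileged port")
    if s["permittty"] != "no":
        findings.append("PTY allocation allowed")
    if not s["forcecommand"]:
        findings.append("no ForceCommand; only the login shell restricts commands")
    return findings

# Constructed sample configs; "tunnel", 5900 and the ForceCommand path are placeholders.
WEAK = "Port 443\nPasswordAuthentication yes\n"
HARDENED = """Port 443
Match User tunnel
    AllowTcpForwarding remote
    PermitListen 5900
    PermitTTY no
    ForceCommand /usr/local/bin/hold-tunnel
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_tunnel_user(cfg, "tunnel") or "no findings")
```

An empty result only covers this layer; the dedicated host and DMZ segmentation from the list still limit what a compromised tunnel account can reach.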

Re:SSH server security risk 3 years, 7 months ago #32

  • unggnu
Thanks for your reply. I'll have to take a look at how to use a DMZ, which is completely separated from the LAN, with my router. I guess VLAN configuration is needed.

Re:SSH server security risk 3 years, 7 months ago #33

  • JDaus
The easiest way would be to set up two devices, one being your connect-to-internet device, the other being your connect-to-LAN device, with all your LAN clients behind your second device.

Wikipedia shows a good DMZ example as I was describing, but they show two devices before the DMZ branch; this could potentially just be one device ... your inet router.

Hope this helps