SSH Security
A Study of Passwords and Methods Used in Brute Force SSH Attacks (.pdf) is a really good article on SSH security and the honeypot experiment its authors, Jim Owens and Jeanna Matthews, carried out. If you are interested in server security this is a must-read.
On my own server I have implemented a lot of security features (thank you CSF), not the least of which is turning off password authentication for SSH and making it accessible by public/private key authentication only. Given that I get about a dozen brute force dictionary attacks a day, this allows me to sleep a little better. Hacked once makes Doug one very paranoid sysadmin. Still, I’m going to move SSH to a random high port number for a little extra security.
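To check that a server really has the two settings described above, here is an added example (my own script, not something from the paper or from CSF) that audits an sshd_config file. It also shows a pitfall worth knowing: sshd takes the first uncommented value of a keyword, so a "no" appended at the bottom of the file loses to a "yes" higher up or in an Include drop-in. Both config files in the script are constructed sample input.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for
# password authentication off and public-key authentication on, and report
# the listening port. sshd applies the FIRST uncommented value of a keyword;
# the weak sample below shows a late "no" losing to an earlier "yes".

# Effective global value of keyword $1 in file $2 (lowercased, empty if
# unset). Lines after a Match block are conditional, so stop reading there.
sshd_get() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }                       # comment line
        tolower($1) == "match" { exit }                 # end of global section
        tolower($1) == key { print tolower($2); exit }  # first value wins
    ' "$2"
}

# Same, but fall back to the sshd defaults the post's advice changes.
sshd_effective() {
    v=$(sshd_get "$1" "$2")
    [ -n "$v" ] && { printf '%s\n' "$v"; return; }
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        passwordauthentication|pubkeyauthentication) echo yes ;;
        port) echo 22 ;;
    esac
}

# Print findings for file $1; the return status is the number of findings.
sshd_audit() {
    n=0
    [ "$(sshd_effective PasswordAuthentication "$1")" = yes ] &&
        { echo "FINDING: password authentication is still enabled"; n=$((n+1)); }
    [ "$(sshd_effective PubkeyAuthentication "$1")" = no ] &&
        { echo "FINDING: public-key authentication is disabled"; n=$((n+1)); }
    echo "INFO: sshd listens on port $(sshd_effective Port "$1")"
    return $n
}

# Constructed sample configs: a weak one and the hardened one the post describes.
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARD_CFG"' EXIT
cat > "$WEAK_CFG" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication yes
# the admin appended this, but the earlier "yes" wins
PasswordAuthentication no
EOF
printf 'Port 2222\nPubkeyAuthentication yes\nPasswordAuthentication no\n' > "$HARD_CFG"
echo "== weak =="; sshd_audit "$WEAK_CFG" || echo "=> $? finding(s)"
echo "== hardened =="; sshd_audit "$HARD_CFG" && echo "=> clean"
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this script is for reviewing a config file before deploying it.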
One of the more interesting parts of that study comes right at the start:
For most of the recorded history of botnets, dating back to 1999, the robot computers, or zombies, that populate them have been understood to consist primarily of compromised systems running a version of the Microsoft Windows operating system [7,22]. Propagation of zombie code has been observed to occur through a number of Windows-specific worms, viruses, Trojans, and other forms of malware [3]. More recently, vulnerabilities in Linux machines are being recognized as an important part of the problem. In October 2007 Dave Cullinane, chief information and security officer at eBay, announced at the Trust Online conference that an internal investigation of the security threats faced by the online auction service had been traced to “rootkitted Linux boxes.” [20] Alfred Huger, vice president for Symantec Security Response, echoed Cullinane’s comments, saying that compromised Linux machines were frequently observed to make up a large portion of the command and control networks for botnets. [emphasis mine - Doug]
While it is true that computers running Linux are not subject to the many worms, viruses, and other malware that target Windows platforms, the Linux platform is known to be vulnerable to other forms of exploitation. A 2004 study conducted by the London-based security analysis and consulting firm mi2g found that Linux systems accounted for 65% of “digital breaches” recorded during the twelve-month period ending in October 2004 [6].
As someone who works in the datacenter business I can vouch for that conclusion. Customers who do not keep their OS, and more importantly the applications running on their servers, patched ultimately end up with a rooted system (and the usual intrusion point is a poorly written PHP script; I don’t know what its status is today, but for a number of years PHPBB was highly vulnerable and the single most common source of rooted systems that we saw).
Here’s a good starting point. Make your password at least 14 characters long (15 to 20 would be better), a completely random string of letters, numbers and other characters. If you can’t memorize it, get yourself a cheap (but name-brand, and not made in China, as they often contain rootkits) USB memory stick and keep it on there with no information attached to it that
- identifies you
- identifies where it is used
That way, if it is lost or stolen, it can’t be used against you. Then, assuming you have created such a strong password, make it the only one you use (type it out often enough and you’ll memorize it).