I have a small network of servers and I would like to increase the general security. I don't have enough time/money/paranoia to set up a VPN -- what's a basic way I can increase the security of my system?
One thing could be to require that users both send their key and enter a password. This is kinda hard to google for because everything about "ssh key password" is about sshing without a password. :-)
One scheme I've always wanted to toy with is requiring that incoming connections only come from a whitelist of dyndns ip addresses. I know some security heads would vomit at the thought of the idea, but the fact of the matter is it would add very significant complexity to exploit a box.
What do you think? What else is out there?
The login with password and key is the same as "just with key". During key creation, you are asked to enter a passphrase. If you leave it blank, you won't be asked for a password. If you fill in a passphrase, you'll be asked for it every time you want to log in.
If you are concerned about security, consider some of this advice, mentioned a trillion times in this forum:
Etc, etc.
Update: Please refer to the answer here for how to require both a public key and local system password with an OpenSSH server.
One idea I found interesting is port knocking - basically, in order to establish the ssh connection, you first have to probe on a sequence of other ports, before the ssh server will acknowledge a connect request. If the correct sequence of ports is not used, there is no response, so it effectively looks like there is no ssh server running. The sequence of ports is customizable and can be shared with your intended users; everyone else would effectively be unable to connect.
I haven't tried this myself, but from what I've heard (which isn't much, actually) the overhead is negligible and it lowers your visibility profile tremendously.
Patches related to enabling directly in SSH and lots of relevant discussion:
This can also be done without modification by having a password verification script combined with the use of the ForceCommand configuration option.
Finally, though no module exists for it, if you moved the public key authentication to PAM then you would be able to require both steps to pass before PAM considered authentication successful.
Just use
in sshd_config if you are using sshd from ssh.com. This feature is not available in OpenSSH.
You could also use one-time passwords to increase security. This would allow users to log in from an insecure terminal, which may have a keylogger, if they previously generated the next password. Also, there are password generators that can be installed even on older Java MIDP phones that you carry with you all the time.
I would recommend that you never ever run a sshd, rdp or such management services with no IP restriction. In fact, I would suggest limiting access to such services to administrators connecting over VPN.
Regarding your original question about requiring both a key and a password, if you're running RHEL or CentOS 6.3 this is now possible. The RHEL 6.3 release notes describe it; it's a matter of adding this to your sshd_config
I strongly agree with 3molo. OpenSSH is the default SSH server of Linux and Unix. There is no reason for us to change it, especially for security. VPN should be the best solution, which can encrypt our traffic and provide the 2-step password authorization.
Not sure why no one has mentioned it, but you should make sure to generate keys longer than the default 1024 bits, which is no longer considered secure.
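As an added example (not code from any of the posts above), one way to find the short RSA keys the last post warns about in existing authorized_keys files: parse each ssh-rsa public key blob and report moduli below a threshold. The 2048-bit floor, the function names and the sample lines are assumptions constructed for illustration.

```python
import base64

MIN_RSA_BITS = 2048  # assumed policy floor; the post only says "longer than 1024"

def read_fields(blob):
    """Split an SSH wire-format blob into its uint32-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 > len(blob) or end > len(blob):
            raise ValueError("truncated blob")
        fields.append(blob[pos + 4:end])
        pos = end
    return fields

def rsa_bits(line):
    """Modulus size in bits of the ssh-rsa key on this line, or None if there is none."""
    tokens = line.split()
    # Options such as from="..." may precede the key type, so search for it.
    if "ssh-rsa" not in tokens[:-1]:
        return None
    fields = read_fields(base64.b64decode(tokens[tokens.index("ssh-rsa") + 1]))
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not a well-formed ssh-rsa blob")
    return int.from_bytes(fields[2], "big").bit_length()  # fields: type, e, n

def audit(text):
    """Return (line number, bits) for every RSA key shorter than MIN_RSA_BITS."""
    weak = []
    for lineno, line in enumerate(text.splitlines(), 1):
        bits = None if line.lstrip().startswith("#") else rsa_bits(line)
        if bits is not None and bits < MIN_RSA_BITS:
            weak.append((lineno, bits))
    return weak

def constructed_key(bits, comment):
    """Build a syntactically valid ssh-rsa line of the given size (not a real key)."""
    field = lambda b: len(b).to_bytes(4, "big") + b
    mpint = lambda i: field(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = "\n".join([
    "# constructed sample, not real keys",
    constructed_key(1024, "old-laptop"),
    'from="192.0.2.10" ' + constructed_key(4096, "admin"),
    "ssh-ed25519 CONSTRUCTED-PLACEHOLDER backup",
])
print(audit(SAMPLE))
```

To audit a real file, pass its contents to `audit()`; non-RSA key types are skipped rather than judged.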