I have SSH installed on my Ubuntu server. I can log into it from my Ubuntu desktop, using a user and a password. I can only access SSH from my LAN, since the SSH port is not forwarded on my router. Do I need to set up an RSA key for a setup like this? From what I understand, SSH is secure since it cannot be accessed from the Internet.
On a side note, what other things should I double check for security? I have Apache, MySQL and ProFTPD running.
As a side note, it's very, very easy to set up passwordless logins with SSH, so you might want to try that:
And then you won't be asked for a password each time you log in to your server :)
If you're sure that only authorised users can get access to your LAN, then a username and password should suffice. Nothing is ever going to be completely secure; you need to ask yourself, is it good enough?
If your server is only accessible via your LAN, and you're not worried about people gaining access to it by WiFi hacks or physical network access, then username/password authentication is probably good enough.
Set up keys with passwords. Then use keychain; the only time you will ever have to enter passwords will be after a reboot. All the security of passwords, all the convenience of keys.
I don't mind entering a password for SSH. For added security however, I'd recommend enabling the Ubuntu Firewall ufw, which is installed but disabled on Jaunty by default. It's easy to enable and configure:
EDIT: Don't do this first if you're connecting remotely or you'll lock yourself out! It's safer to enable last once you're sure all your rules are in place. See Olaf's comment below.
Default block everything
Allow TCP on port 22 for SSH:
Delete this rule (if necessary down the road):
In addition to port 22, you'll want to allow traffic to port 3306 for MySQL, 80 for Apache, and 20 & 21 by default for ProFTPD.
You can check your rules easily too:
Lastly, you can create more fine-grained rules to specific hosts or subnets:
After you configure, disable and re-enable ufw to apply.
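The rule set described in this answer, written out as an added example that is not part of the original answer: it combines the default-deny policy, the listed service ports and the per-subnet restriction, and enables ufw last so the SSH rule exists before the firewall comes up. The subnet `192.168.1.0/24`, the `APPLY` variable and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): build a ufw rule set for the services
# named in the question, reachable from one LAN subnet only.
# By default the commands are only printed; set APPLY=1 to run them with sudo.

# Assumed LAN subnet (constructed value); pass your own as the first argument.
DEFAULT_LAN="192.168.1.0/24"

# Ports from the thread: SSH 22, Apache 80, MySQL 3306, ProFTPD 20 and 21.
PORTS="22 80 3306 20 21"

# Print the command, or execute it with sudo when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        sudo "$@"
    else
        echo "$*"
    fi
}

ufw_plan() {
    lan="${1:-$DEFAULT_LAN}"
    # Reject input containing anything other than digits, dots and a slash.
    case "$lan" in
        *[!0-9./]*) echo "invalid subnet: $lan" >&2; return 1 ;;
    esac
    # Default policy: block everything not explicitly allowed.
    run ufw default deny
    # Allow each service over TCP, but only from the LAN subnet.
    for port in $PORTS; do
        run ufw allow proto tcp from "$lan" to any port "$port"
    done
    # Enable last, once the SSH rule is in place, so a remote session
    # is not locked out.
    run ufw enable
    run ufw status
}

# Without APPLY=1 this only prints the plan for review.
ufw_plan "$@"
```

Review the printed plan first, then rerun with `APPLY=1` from a session on the LAN subnet you allowed.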
Do you need to use keys? No. But it sure becomes a lot more convenient to use them once you have more than one server, or if you ever have to script some kind of task that will require ssh access.