SECURING SSH

Dr.Waleed Almuseelem

Asma Ayesh Albalawi

Introduction :
SSH is a powerful security tool, protecting privileged access to mission
critical systems. However, when it is not properly managed, it can
become a security liability instead of asset,
Most SSH server and client implementations (e.g., OpenSSH) include a
significant number of configuration parameters which impact operation
and security, including options for authentication, root access, port
forwarding, file locations, etc. Fortunately, over the years, most SSH
implementation developers have selected default configurations that are
more secure. However, there are a couple of defaults, such as port
forwarding and the location of authorized key files, that are not optimal.
In addition, if your users and administrators arbitrarily change those
configurations without considering the security implications, they can
open those systems to broader attacks.
The SSH keys we need to change are located in the /etc/ssh directory We
can navigate to this directory in our command terminal by running the
command “cd /etc/ssh” and then running the “ls” command to list the
contents in the directory. The keys we need to replace are the ones labeled
ssh_host_*
we want to replace these keys, we do not want to immediately delete them.
Instead, we will create a folder in the /etc/ssh directory and move those keys
into that folder. We can do that with the command “mkdir past_keys” to make
the folder. Next, run the command “mv ssh_host_* /etc/ssh/past_keys”. This
will move the keys we want to change into the folder we just created. Finally,
if we run “ls past_keys, you can find the keys there.
Now that the keys have been successfully moved, we can move forward
to the next step. Now we need to create new keys. In the terminal, run
the command “dpkg-reconfigure openssh-server”
we do want to confirm that new SSH keys are indeed new. To do that, we check
the MD5 hashes of the new keys and compare them to the default one we moved
earlier. In command terminal and in the /etc/ssh directory, enter the command
“md5sum ssh_host_*”. We will see the MD5 hash values for the SSH keys we just
created. Now, let’s compare those values to the old keys.
we Type “md5sum /etc/ssh/past_keys/ssh_host_*”. When those values pop up,we
compare each one from the newly created keys to the default keys in the
“past_keys” folder.