11-14-2009, 04:22 AM
|
|
Web Hosting Master
|
|
Join Date: Jul 2009
Location: Kshatriya
Posts: 1,643
|
|
SSH is unsecure? why not use SSH?
hi,
i have one master reseller hosting(No SSH access)
and also i have One Dedicated Server (Personal - Testing Server only, no website) from InternetGateway(Full SSH Root Access)
i am use SSH for installing scripts(like awstat,cPanel,config,etc)
example: wget http://....site...tar.gz 
this is secure? or never use ssh for security reason? 
|
11-14-2009, 04:46 AM
|
|
Support Facility
|
|
Join Date: Jun 2009
Posts: 2,318
|
|
If you are concerned about your ssh security better one the good thing you can do to secure your ssh. You should change your ssh port no from sshd_config file. This can be advantage for you to reduced the attack.
|
11-14-2009, 04:53 AM
|
|
Community Liaison
|
|
Join Date: Jan 2005
Location: Darwin, Australia
Posts: 1,330
|
|
Should be fine as long as your dedicated server is secure
__________________
Graham Craig
IT'S NOT HOW GOOD YOU ARE, IT'S HOW BAD YOU WANT IT.
|
11-14-2009, 02:48 PM
|
|
Web Hosting Master
|
|
Join Date: Jul 2008
Location: Eta Carinae
Posts: 2,671
|
|
Secure Shell...
And changing ports as suggested above helps a lot. Just make it a random high number and you should be fine.
|
11-15-2009, 12:23 AM
|
|
Newbie
|
|
Join Date: Nov 2009
Location: Los Angeles, CA
Posts: 6
|
|
You can further secure your SSH by disabling password based login and generating a key pair for authentication. I'd also recommend disabling the root account from connecting via SSH. Create a new account and SSH into that one, then su to root, or sudo when you need to run something as root.
|
11-15-2009, 12:37 AM
|
|
Uptime Aficionado
|
|
Join Date: Mar 2009
Location: /usr/bin/perl
Posts: 971
|
|
Quote:
Originally Posted by njoker555
Secure Shell...
And changing ports as suggested above helps a lot. Just make it a random high number and you should be fine.
|
A lot of people are under the impression that changing the port will help -- but it won't.
-Keep out the brute-forcers with firewall restrictions
-Disable password auth/enable public key auth
Period. Any script-kiddy who knows how to point and click can find out what alternate port an SSH Server is running on.
__________________
Ask me about CloudCentrum (coming soon) -- The complete, turn-key cloud software solution
|
11-15-2009, 03:42 AM
|
|
Web Hosting Master
|
|
Join Date: Sep 2009
Posts: 1,409
|
|
You can also block all IP addresses in the firewall, except your IP address, or if you are using dynamic IP, your class of IP addresses and you should be fine.
|
11-15-2009, 04:06 AM
|
|
Web Host Extraordinaire!!!
|
|
Join Date: Dec 2007
Location: Indianapolis, Indiana USA
Posts: 14,319
|
|
Quote:
Originally Posted by e-Sensibility
A lot of people are under the impression that changing the port will help -- but it won't.
-Keep out the brute-forcers with firewall restrictions
-Disable password auth/enable public key auth
Period. Any script-kiddy who knows how to point and click can find out what alternate port an SSH Server is running on.
|
Changing the port alone won't help without a login failure daemon + port scan detection.
The PSD will block most before they find the right port and the LFD will block those that find it and try to log in with incorrect credentials.
Changing the port alone is just security thru obscurity but anybody really wanting in will find it.
__________________
█ Michael Denney - MDDHosting, LLC - Professional Hosting Solutions
█ LiteSpeed Powered - Shared, Reseller, Semi-Dedicated, and VPS
█ For high-end shared accounts ideal for business, check out our Semi-Dedicated offerings!
█ http://www.mddhosting.com/ - Providing Quality Services since 2007
|
11-16-2009, 02:08 PM
|
|
Newbie
|
|
Join Date: Jun 2008
Posts: 9
|
|
|
11-16-2009, 02:17 PM
|
|
Web Hosting Master
|
|
Join Date: Oct 2009
Posts: 672
|
|
Quote:
Originally Posted by e-Sensibility
A lot of people are under the impression that changing the port will help -- but it won't.
|
Well, it does help, at least by preserving your sanity when reviewing logs. When I changed the port on my servers to a different one, random login attempts went from hundreds a day per server, to 0.
|
11-17-2009, 10:36 AM
|
|
Web Hosting Master
|
|
Join Date: Oct 2009
Posts: 1,058
|
|
Also edit the /etc/ssh/sshd_config file ,
Allow only Protocol 2:
Protocol 2
Protocol 1 is less secure and obsolete.
__________________
Shared Hosting | Reseller Hosting | VPS Hosting | Dedicated Servers
 KeserHosting.Com
|
12-06-2009, 04:29 PM
|
|
a lazy evangelist ...
|
|
Join Date: Nov 2005
Location: /etc/fstab
Posts: 1,145
|
|
Quote:
i am use SSH for installing scripts(like awstat,cPanel,config,etc)
example: wget http://....site...tar.gz
this is secure? or never use ssh for security reason?
|
As long as you know what you are doing, I am sure it is secure
__________________
█ Mellowhost - Affordable Cpanel and WHM Reseller Hosting
R1Soft, RVSitebuilder, RVSkin, Softaculous, Fantastico, Domain Reseller and many more ...
█ Learn Hosting
|
12-06-2009, 05:22 PM
|
|
Global Solutions Provider
|
|
Join Date: Apr 2009
Posts: 3,152
|
|
Do not give your clients shell. Just give yourself shell. It probably would make you feel better in the long run.
__________________
█ http://rlshosting.com
█ RLS Hosting | Real, Logical, & Solid.
█ Web Hosting, Master Resellers, Dedicated Servers, & Domain Registration.
█ RVSkins, RVSiteBuilder Professional, & Softaculous Premium Auto Installer
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
