Here I would like to share some steps you can use to secure a host against unauthorized access over SSH. So far I have not had a chance to find out whether it can be broken, but if you can break it, please do share with me. I always believe the human is the first line of defence.
In this article I would like to share how you can secure SSH access and also allow VMware management from certain IP addresses using iptables.
Securing SSH using public key authentication.
In the default configuration, root is not allowed to connect directly over SSH, and password authentication is allowed. What we want to improve here is to change the authentication type to public key authentication and remove password authentication. If you like, you can call this 2-factor authentication, as it is a combination of the types below:
Type 1 : Something you know
Type 2 : Something you have
Type 3 : Something you are
Step by step
You will need to download the PuTTY key generator from www.putty.org. As shown on the screen, click the Generate button and start moving your mouse, as below.
Key in the key passphrase, as in the diagram below. Save the public key and also the private key.
Remark: You must remember the key passphrase.
Summary as per diagram 3
Command                 Usage
service sshd status     check the sshd daemon status
adduser user2           create a user with the name user2
passwd user2            change the password for user2
su - user2              log in as user2
Remark : create a folder .ssh in /home/user2 and change its permissions by typing chmod 700 .ssh
cd to the .ssh directory and create a file named authorized_keys by typing the command below.
Command                 Usage
touch authorized_keys   create a file named authorized_keys
Copy the content from diagram 2 into authorized_keys and make sure the content is on 1 line.
Configuring your SSH client to use public key authentication
Open the SSH client and key in the information as below.
On the next screen, you will need to configure your client to use public key authentication.
For the next step, it is a must to make sure that public key authentication works! You will need to log in as a normal user and su to root. You will need to modify the file /etc/ssh/sshd_config. Always remember to make a backup before changing any files. For newbies, I would like to suggest you use the nano command. :)
Configuration in the sshd configuration file
- Protocol 2
- PermitRootLogin no
- PubkeyAuthentication yes
- AuthorizedKeysFile .ssh/authorized_keys
- PasswordAuthentication no
- PermitEmptyPasswords no
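An added example, not part of the original post: a small shell function that checks a config file for the six settings above before sshd is restarted, so that a mistyped keyword or an earlier conflicting line does not quietly leave password or root logins enabled. The function names and the sample config are constructed for illustration, and the keywords are written the way OpenSSH spells them (PubkeyAuthentication, AuthorizedKeysFile, PermitEmptyPasswords).

```shell
#!/bin/sh
# Audit an sshd_config against the six settings listed above. Keywords are
# case-insensitive and the first value obtained wins, so only the first
# occurrence before any Match block counts. Assumption: each setting must be
# explicit, so a misspelled keyword is reported as "not set".
audit_sshd_config() {
    findings=$(awk '
        BEGIN {
            want["protocol"] = "2"
            want["permitrootlogin"] = "no"
            want["pubkeyauthentication"] = "yes"
            want["authorizedkeysfile"] = ".ssh/authorized_keys"
            want["passwordauthentication"] = "no"
            want["permitemptypasswords"] = "no"
        }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # global section ends at first Match
        { key = tolower($1); if (!(key in got)) got[key] = $2 }  # first occurrence wins
        END {
            for (k in want) {
                if (!(k in got)) print "FAIL " k " not set, expected " want[k]
                else if (got[k] != want[k]) print "FAIL " k " is " got[k] ", expected " want[k]
            }
        }' "$1" | sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a misspelled keyword, password logins left on, and a
# later "PermitRootLogin no" that is ignored because "yes" appears first.
write_sample_config() {
    cat > "$1" <<'EOF'
Protocol 2
PermitRootLogin yes
Publickeyauthenticattion yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin no
EOF
}

tmp=$(mktemp) && write_sample_config "$tmp"
audit_sshd_config "$tmp" || echo "sshd_config needs changes before restarting sshd"
rm -f "$tmp"
```

Run it against a copy of /etc/ssh/sshd_config while the existing SSH session is still open, so that a bad edit can be reverted before the daemon is restarted.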
The last step is to configure the firewall rules. You will need to do the following:
1) Log in to the host
2) Create a new file (firewall.sh) and copy and paste the entire content of the list below into it
3) chmod 700 ./firewall.sh
4) ./firewall.sh - to execute the configuration
#Explanation of the iptables entries
#Flush all firewall configuration
iptables -F
#Accept input that belongs to established or related connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Accept all output (new, related and established connections)
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
#Enable inbound ICMP
iptables -A INPUT -p icmp -j ACCEPT
#Enable outbound ICMP
iptables -A OUTPUT -p icmp -j ACCEPT
#Enable port 22 from any source
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#Enable port 902 (VMware ESX console, accessible from your computer's IP)
iptables -A INPUT -p tcp --dport 902 -s 10.215.x.x -j ACCEPT
#Enable port 443 (VMware ESX web console, accessible from your computer's IP)
iptables -A INPUT -p tcp --dport 443 -s 10.215.x.x -j ACCEPT
#Enable loopback connections; this is needed for the VMware Infrastructure Client
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
#Drop all other input
iptables -A INPUT -j DROP
#Drop all forwarded traffic
iptables -A FORWARD -j DROP
#Save configuration
service iptables save
#Stop iptables service
service iptables stop
#Start iptables service
service iptables start
What do we have now?
Let me explain the risks and the measures that we have, based on scenarios.
Case Study
1) What happens if an internal hacker tries to hack your VMware machine?
Answer : The host has been configured not to allow direct root access, so the chance is 0%.
2) What happens if an internal hacker can copy your public key?
Answer : The hacker still needs to guess the password of your public key. Even if he can get it, he must have the root password before he can proceed with further damage.
3) What happens if the hacker knows the IP address of your VMware host?
Answer : Although he knows it, he must guess which IP addresses are allowed to connect to the VMware host. Let's say that in a smaller environment you have 100 IPs. The chances are 1%.







