A periodic security review at our co-op suggested switching to PasswordAuthentication no on even more hosts. One of those caused a bit of a heated discussion about the benefits of increased security versus the drawbacks of making emergency access harder, reminding me of the old joke about a secure computer being one encased in a block of concrete, not connected to anything and buried in a secret location.
More usefully, I found a Discussion summary on improving SSH which seemed to cover the basics pretty well. It also suggests that “nearly two thirds of all SSH private keys were stored on disk with no password protection”, which is scary; can server admins even detect that sort of risky behaviour?
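One way an admin can answer that question, as an added example that is not from the original post: a small Python check that walks a directory (for instance the users' `~/.ssh` directories) and reports which private keys are stored without a passphrase. It reads the cipher and KDF names from the openssh-key-v1 header, and the Proc-Type/DEK-Info and PKCS#8 markers of the older PEM formats; `constructed_openssh_key` builds a sample header for testing and is not real key material.

```python
import base64
import re
import struct
from pathlib import Path

BEGIN_RE = re.compile(r"-----BEGIN (?:([A-Z ]+) )?PRIVATE KEY-----")
MAGIC = b"openssh-key-v1\x00"

def _ssh_string(buf: bytes, off: int):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_protection(text: str):
    """Return (format, passphrase_protected) for a private key, or None if not a key."""
    m = BEGIN_RE.search(text)
    if not m:
        return None
    label = m.group(1) or ""
    body = text[m.end():].split("-----END", 1)[0]
    if label == "OPENSSH":  # openssh-key-v1: magic, cipher name, KDF name, ...
        try:
            raw = base64.b64decode("".join(body.split()), validate=True)
            if not raw.startswith(MAGIC):
                return None
            cipher, off = _ssh_string(raw, len(MAGIC))
            kdf, _ = _ssh_string(raw, off)
        except (ValueError, struct.error):
            return None
        return ("openssh", cipher != b"none" or kdf != b"none")
    if label in ("", "ENCRYPTED"):  # PKCS#8: only the ENCRYPTED variant has a passphrase
        return ("pkcs8", label == "ENCRYPTED")
    # Legacy PEM (RSA/DSA/EC): encrypted only if it carries Proc-Type/DEK-Info headers
    return ("pem", "Proc-Type: 4,ENCRYPTED" in body)

def scan(root: str, max_size: int = 64 * 1024):
    """Walk root and return (path, format, protected) for every private key found."""
    findings = []
    for p in Path(root).rglob("*"):
        try:
            if p.is_file() and p.stat().st_size <= max_size:
                result = key_protection(p.read_text(errors="replace"))
                if result:
                    findings.append((str(p), *result))
        except OSError:  # unreadable or vanished file
            continue
    return findings

def constructed_openssh_key(cipher: bytes, kdf: bytes) -> str:
    """Constructed sample (not real key material): a valid openssh-key-v1 header only."""
    raw = MAGIC + struct.pack(">I", len(cipher)) + cipher + struct.pack(">I", len(kdf)) + kdf
    b64 = base64.b64encode(raw + b"\x00" * 8).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Run `scan("/home")` as root and look at the entries whose third field is False; a cron job that diffs that list against the previous run turns it into a standing check rather than a one-off audit.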
One thing I’ve not really noticed before is how common brute-force ssh attacks are. There are some denyhosts statistics which make interesting pictures, and “Strong passwords no panacea as SSH brute-force attacks rise” summarises some data from last year.
So what can we do? libpam-cracklib seems like a first step, along with denyhosts. While searching around, I noticed sslh – ssl/ssh multiplexer, which looks like a useful trick that I might try somewhere. It entered Debian testing earlier this week and looks simple to backport to the stable version.
What tips would you give? Do you think it’s worth having at least one reasonably secure host with PasswordAuthentication enabled, just in case a disaster leaves the private keys unusable? Are you a fan of port-knocking and other more sophisticated things? Do you know more numbers about ssh security?