By: Terry Bytheway

Recently I’ve had a good deal of people ask me about SSH connections, and how they can better secure them, and I’ve been shocked at the sheer number of people that still use keyboard-interactive password authentication to log into SSH daemons. This article will explain the use of SSH keys and OpenSSH options to speed up and secure your SSH connection.

SSH options

There are a few useful options you can pass to OpenSSH to increase your verbosity, compress and speed up your ssh connection, and change your SSH cipher to something faster and more secure;

‘-v’ switch. This option will allow you to see debug output for outgoing SSH connections. Specifying ‘-v’ multiple times increases the verbosity level (maximum level 3).

‘-C’ switch. This option compresses all of your SSH data. Passing this option to OpenSSH may speed things up dramatically on slow networks, but on high-speed networks it will only slow things down.

‘-c’ switch. This option will allow you to change your cipher method. The default is 3des, which is a 3-way encryption method that is believed to be secure – however, blowfish is also available, which is a fast block cipher which also believed to be very secure and is far faster than 3des.

For example, let’s say I want to log in as user ‘foo’ to an ssh daemon on host ‘example.com’. I want maximum verbosity level, I want to compress all my data, and I want to change my SSH cipher to blowfish. The command would look like this:

ssh -vvv -C -c blowfish -l foo example.com

(Note: the higher your verbosity level, the more text you will get on your terminal while OpenSSH goes through the process of logging in to the remote SSH daemon. Even specifying only one -v can get you a veritable flood of information. Fiddle around with -v until you find a debug level that you’re comfortable with.)

SSH keys

OpenSSH supports a method of authentication far more secure than keyboard-interactive password authentication using a combination of public/private key cryptography. A pair of keys is generated, one on the remote machine to authenticate you and let you in. The other is a private key to match the key on the remote machine.

To generate a pair of cryptographic keys, you would use the ssh-keygen(1) utility on both the machine you intend to log in to, and the machine you intend to log in from. For example;

ssh-keygen -t rsa

The -t option specifies the type of key to be generated. Available options are dsa and rsa.

Inputting this command on either of your UNIX machines should give you an output like this:

$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/example/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/example/.ssh/id_rsa.

Your public key has been saved in /home/example/.ssh/id_rsa.pub.

Setting a passphrase is highly recommended to maximize security. Good passphrases are between 10 and 30 characters long, and are not easily guessable in any way. If you do not enter a passphrase, you will be able to login to your remote system without entering any password on login.

The next step is to authorize your keys on the remote machine you intend to log in to. You can do this using a file named authorized_keys on your target machine. Copy your ~/.ssh/id_rsa.pub file onto your remote machine using scp(1)

scp ~/.ssh/id_rsa.pub example.com:.ssh/authorized_keys

Now log in to your target machine using ssh(1) with a debug level of 1

as previously shown;

ssh -v -C -c blowfish -l foo example.com

You will see debug messages like so;

debug1: Authentications that can continue: publickey,keyboard-interactive

debug1: Next authentication method: publickey

debug1: Offering public key: /home/example/.ssh/id_rsa

debug1: Server accepts key: pkalg ssh-dss blen 435

debug1: read PEM private key done: type rsa

You should then be prompted for your key passphrase (if you entered one) and then let into the system. If you didn’t enter a passphrase upon generating your public/private keys, you will be passed through without having to enter any. If you encounter errors, you should check the permissions of your ~/.ssh directories on both machines.

If you wish to change your key passphrase at any time, you can do so by passing the -p flag to the ssh-keygen utility;

ssh-keygen -p

About the Author

LinksJuice Security Directory for related websites with tips & advice on security. The security directory is located under the Computers & Internet directory.

(ArticlesBase SC #172422)

Article Source: http://www.articlesbase.com/ – Securing SSH Sessions The Easy Way

Selecting a Linux Distribution

The first important step in setting up and configuring a Linux server is to select the proper Linux distribution. There are numerous Linux distros available and some serve a particular niche. However, this article will address a Linux distribution that serves a wider audience: Debian Linux.

Debian is a general purpose Linux distribution (Operating System) that provides stable, reliable operation as both a server and desktop system. As a server, Debian is easy to install, backup, secure, and restore. Although it does not have some of the newer features found in some distros, it is nonetheless, an extremely safe and reliable operating system.

Once Debian is installed on a server, it is important to immediately address:

• backup tool selection and installation
• security setup

Backup Tool Selection and Installation

The Debian Linux Server setup is extremely flexible in almost all respects. This flexibility is excellent, but also presents a challenge. Flexibility often equates to complexity and even an experienced user could be overwhelmed by the selection and installation of a backup tool for a Linux server. Debian Linux, however, attempts to mitigate most of this complexity with an excellent package manager called Advanced Package Tool or APT. APT enables users to easily install or update applications. In addition, application dependencies are automatically handled by APT.  Consequently, APT is essential for installing a backup tool as part of an overall strategy to safeguard system data.

The backup tool users select ultimately depends on what they want. Most system administrators will recommend an automated, command-line backup. Although there are several choices, the best choice for automated backups is rsnapshot. This backup utility enables users to schedule incremental backups of their system.

Security Setup

One of the most important issues to consider when configuring a Linux Server is system security. Debian Linux is a powerful operating system, but out of the box Debian has inadequate security to protect the web-based and local applications. To protect the system, users must perform at least three specific tasks:

• disable or replace all unnecessary applications
• secure the Linux server with ssh
• install and configure ModSecurity

Disable or Replace all Unnecessary Applications

After installing Debian, it is highly recommended that users disable telnet, ftp, and other methods for accessing the Debian server. In addition, users should replace the system mail application with nullmailer. System mail servers like Exim or Sendmail are inherently insecure. Nullmailer is an easy way to secure a Debian server by forwarding mail to remote mail servers that require authentication. This is more secure than having a local mail server installed on the Linux server.

Secure the Linux Server with SSH

One of the best methods for securing a Linux server is configuring key-based Secure Shell (SSH) authentication. SSH provides an encrypted connection between two end points. SSH keys provide even more security by only allowing access to the server by someone with a password and valid key.

Install and Configure ModSecurity

One of the most effective ways to secure Debian web-based applications is to install and configure ModSecurity. ModSecurity is a web application firewall that detects and prevents attacks against Debian web-based applications. The latest version of Debian supports installing ModSecurity using APT. Once installed, users will need to tweak the ModSecurity configuration to disable false positives for normal application operations.

Conclusion

Backing up and securing a Debian server are two of the most important aspects for protecting data and applications. There are, of course, many more tasks users could tackle to configure Debian fully, but backing up and securing the system are some of the first tasks users must accomplish.

Author: WebHostingGeek

A Linux based hosting service can be appreciated if you have a true understanding about it. Linux is an open source operating system. There are no licensing fees for it. So, compared to windows, Linux is very cheap. Windows have software activation rights. A single copy of windows can be installed only on one computer. In the case of Linux once you have owned the software copy, you are free to install the software as many times as you wish on various computers.

On the other hand, Windows has a monolithic design, whereby it creates a sort of interdependence between the various parts of the server. A practical example can be seen in windows media player and Microsoft Internet explorer. In the case of Linux, it is known for its open source community development. Due to its group oriented approach method, Linux can easily oppose the monolithic based design concept by creating an operating system made up of parts that are freely independent of each other.

Linux and windows can successfully run popular web technologies such as HTML, CSS DHTML, XHTML, XML, JAVA Script, JAVA, CGI and Perl. They can also support Email, FTP, reporting and other basic features too. Also, both the operating systems (Linux and windows ) can do a good job when it comes to interfacing with Microsoft front page. Linux deals with open source development method, such as PHP nad RUBY on rails. Mostly, the Linux based databases use MYSQL. On the other hand, windows deal with ASP and other Microsoft proprietary applications such as Microsoft exchange. Window based databases mostly rely on MS SQL. When it comes to talking about the security risks involved on servers, one must be aware of the fact that one cannot ensure a 100 % risk free security service. I am saying this because even today there exist unskilled server administrators; people involved in brute force password crackers, unsecured PHP or ASP scripts etc.

In a windows based system, it becomes easy for hackers to compromise and entire server. The IIS web server is deeply interconnected with the core of the windows. Hence, if a security threat is found in the IIS web server, it could lead to compromising the entire windows server. That is why, external browsers such as Mozilla, Fire Fox are considered to be safer for a window PC than the integrated Microsoft Internet Explorer. Now in the case of a Linux security based system, there exists a large as well as an educated security team. However, one must also be aware of the fact that there exists a group of educated community of hackers too.

Linux is mainly used for database servers and Internet servers. Many companies prefer to use Linux on their servers as an alternative to other operating systems. Linux can be considered as a very efficient, multi-user multitasking operating system. Linux is popular on the internet as well as by many small companies. Linux is very stable and it uses the resources very efficiently. Linux is compatible with Microsoft windows, whereby it can support fully access to windows file system. Linux runs efficiently on your present hardware. Your older machines can also work on Linux.

In other words, your old hardware which might have discarded just because it was in adequate for the latest software upgrades can now be a valuable resource for your company. You can put your hardware back in service with Linux. Web hosting service based on Linux is easy and cheaper than windows hosting. It is a better choice over windows.

Article Source: http://www.articlesbase.com/web-hosting-articles/understanding-linux-and-windows-towards-web-hosting-383663.html

About the Author

Web Hosting Rating – the top web hosting on internet have web hosting reviews and scores of stuff on hosting.

Author: Skye King

Growing link between social media and small businesses

A new study by Smith School of Business at The University of Maryland on the relationship between small business and social media has concluded that Social Media rates in the U.S. have reached 24%, primarily through Facebook and LinkedIn, an increase of 8% from 2008.

The December 2009 report surveyed 500 small business owners and found that one in five small businesses are have integrated social media into their marketing mix. In fact, 45% of surveyed respondents even believe their social media initiatives will pay off financially in 12 months or less.

As the graphic below details, the small business owners who are using social media are primarily engaging in social media through company pages (75%) and status updates (69%) on Facebook or LinkedIn. However only 16% of the business owners surveyed admitted to using Twitter as a customer service channel.

The report also shows that small business owners now believe social media can help them generate leads. While half of surveyed respondents found the time it takes to use social media sites more daunting than expected, 61% are still putting in the hours and making active efforts to identify new customers.

Despite there still being a need for traditional advertising and press releases, social sites such as Twitter and Facebook allow a whole new type of communication to take place that has previously been unknown to most businesses. Because of this it is even more important for business to not only get a large number of fans or followers, but also follow through on the opportunity to make more genuine and direct connections with customers.

We are now in the age of open communication, engaged dialogue, and transparency and business success may now have less to do with the size of ad budgets, but on the quality of interactions with customers – especially before these customers forge relationships with your competitors.

Article Source: http://www.articlesbase.com/social-marketing-articles/integrating-social-media-into-your-small-businesses-1931586.html

About the Author

Skye King is an Internet Marketing Adviser, the founder of Grow Success Today, a Lifestyle Marketing Company that spans 160 countries in 40 different languages. She specialized in Social Media, Branding & SEO Strategies. King is the Editor of Home Based Business at BusinessTM.com.

Author: Skye King

With so many businesses of all sizes being aware of the benefits of social media optimization and implanting strategies to become more connected, social media is helping to forge a new era in business transparency and engagement, creating both new challenges and opportunities.

The days when companies could rely on carefully crafted press releases or flashy ad campaigns to communicate with their customers are long gone. Especially futile is an attempt to convince people that your products are the best in the field. In the age of social media, the rules have changed drastically, and people today demand a more honest and direct relationship with the companies with which they do business.

Companies now face a clear choice: wall themselves in and become increasingly controlled and hidden, or use social media and other means to reveal their human side, welcome transparency, and forge new relationships with their customers.

Below are the top four shifts that businesses are making due to social media optimization (SMO).

1. From “Trying to Sell” to “Making Connections”

The goal with SMO in most cases is not to sell more but to engage and connect with customers on a deeper level — and, as a result, through such engagement people feel more comfortable doing business with those companies.

The most popular brands in social media tend to post less about their products or services and more about things that help their customers get to know the people and personality of a company. Jeff Swartz, who is the President and CEO of the Timberland Company, is a great example of this. Swartz uses his Twitter account to show his personality by tweeting about his life and the social issues he is passionate about, rather than the shoes his company makes. He also links from his Twitter bio to Timberland’s Earthkeeper project that supports environmental awareness, rather than to the company homepage, in an effort to make a connection with people around something that goes beyond just the products Timberland sells.

Lesson: Rely less on PR tactics and grab at the opportunity to interact with your customers sincerely.

2. From “Large Campaigns” to “Small Acts”

Being able to communicate on such a wide-spanning platform also allows for small acts that express gratitude and a commitment to customer satisfaction. Sites like Facebook and Twitter provide businesses and their followers a broadcasting network, and businesses are beginning to see that rather than spending millions of dollars on traditional ad campaigns, small acts can be more valuable because people will inevitably share such experiences through the social web.

In the past, if we had a very bad or very good experience with a company, it could take days or weeks to tell all of our friends and relatives about it. Today, in a matter of minutes, we can let all our friends on Facebook or followers on Twitter know about what happened. When every customer experience can be easily and widely broadcast, small issues become extremely important.

Since bad experiences are broadcast just as fast and just as easily as the good, it pays for companies to pay attention to the one-on-one customer relationships forged via social media.

Lesson: Instead of only relying on big campaigns, make authentic, helpful relationships and communication the new campaign.

3. From “Controlling Our Image” to “Being Ourselves”

For generations businesses have stressed over the concept of image and maintaining a carefully crafted public persona. Of course companies need to have employee policies, and there is such a thing as bad press, but look at the most popular companies in the era of social media, and you’ll generally find the ones that give their employees freedom to be themselves in online spaces. The goal should no longer be to create a very controlled and polished image that everyone in a company tries to reinforce, but rather to give employees the means necessary to be human beings that can put a friendly face on the corporation.

Also important is being aware of what online perceptions of your business are. How people connect with your business dictates to a great extent the longevity and reliability of their association with your brand and service. Therefore, it’s not just about what you tell them about the business, it’s also about what political stances you take and what information you share and

Lesson: Leave the dated concept of company image behind and embrace your business’s differences and human qualities.

4. From “Hard to Reach” to “Available Everywhere”

To engage with customers, it is no longer enough to have an email address and customer service number on one’s website. Today, people want to interact with and engage businesses via their chosen means of communication, whether that is Twitter, Facebook, discussion forums, or a feedback site like Get Satisfaction.

However, this omnipresence also presents an added challenge: listening to what your customers want and implementing suggestions. Any expansive platform also adds extra responsibility to use the information gathered in a way that is both purposeful and helpful. This means that just as it is extremely important to reach this audience, it is also important to make the changes they are asking for. Keeping lines of communication open during this process is also helpful since feedback is available with every step.

Article Source: http://www.articlesbase.com/smo-articles/business-transparency-amp-social-media-1932110.html

About the Author

Skye King is an Internet Marketing Adviser, the founder of Grow Success Today, a Lifestyle Marketing Company that spans 160 countries in 40 different languages. She is the Editor for Home Based Business at BusinessTM.com. King specializes in Social Media Marketing, SEO and Personal Branding.

By: Darren Olander

Twitter is a relatively new web 2.0 site that is starting to gain a lot of popularity. That means that a lot of people have heard of it but it is also quite common to run into people who haven’t heard of it.. yet. Twitter.com is this social site that encourages users to post often about what they are currently doing.

A lot of people are using it to improve their marketing reach, by being an active twitterer they gain followers who are interested in what they got going on. This means people being exposed to their updates on a regular basis. For example, if you have hundreds of followers in Twitter and you decide to post an affiliate link, that means that hundreds of people have instantly been exposed to your offer. In this article I will discuss ways to maximize Twitter for your marketing, and also a big mistake to be aware of.

In order to have a fan base per say of followers in Twitter you must be able to keep their interest in you and what you are doing now. “What are you doing?” is the whole foundation of what Twitter is about in the first place. Make sure to post daily if not several times throughout the day updates about what you are doing. The magical thing behind this is that many of your contacts will be able to feel like they know you so much better, will trust you more, and feel much more comfortable about working with you. On the other hand, when you follow others you can learn about them and their possible needs.

The big mistake to watch out for is only posting affiliate links or offers on your Twitter page. This looks like Spam and many people will see you as just abusing Twitter for your own personal gain. Think of it this way, if you would not want to invite your friends or family to keep up with you via Twitter then you are going about it all wrong. As with anything you send out or provide, ninety percent should be content and ten percent (at most) advertising. So this concept is quite simple… constantly post throughout the day what you are doing.. it is usually very simple and only takes a few seconds to post! Secondly, if you write articles or provide content online, provide a link for those in your Twitter posts. You may post many things within one day, but the last thing you post for the day is usually the most important because it will be there the longest. This means that your last post for the day should very well contain a link that you want your followers to see before your start Twittering again the next day!

Another part of Twitter is contributing. As with any social site it should be a give and take relationship. Notice that give comes first… the more you give the more people will want to work with you and the more attention you will receive. Make sure to read and follow other users in Twitter. If you read something interesting or helpful then make sure to reply and say so, or even put a link for it on your Twitter so that you are directing others to more quality content. This can also be as simple as connecting with other users, if they know you are reading their Twitter page they will be much more likely to check out what you have going on too.

To get started in Twitter you should first invite contacts who aren’t using Twitter and also find contacts who are already using Twitter so that you can start following them and also start getting people to follow you. Twitter has a nice invite and find feature that makes this incredibly easy. To grow your reach even more you can start following people who follow or are followed by the people who follow you.. or that you follow. You might need to read that sentence again.. but basically you can find other users to connect with that are already connected to other users.

Now for a big tip. If you really want to maximize the potential with Twitter, you should make sure to take advantage of any plug-ins or sites that support Twitter. Here are three, but I’m sure there will be many more in the future if not already. Squidoo allows you to input your Twitter account info into your Squidoo account and then it can automatically post updates to your Twitter account when you create or update Squidoo lenses. Facebook has an application called Twitter, it automatically updates your Facebook status when you make a Twitter post. The other tool is a free WordPress plug-in called TweetMyBlog that allows you to create a two-way connection from your blogs to Twitter. TweetMyBlog allows you to use a widget on your Wordpress blogs that will display your current Twitter feed.. that way all visitors to your blog can look at the widget and see a running feed of your latest Twitter posts. If they click on that they will be brought to your Twitter page. In addition, when you make a new post to your blog, TweetMyBlog will automatically make a post to your Twitter page with a link to your latest blog post. Imagine the extra exposure you can receive by using these tools that help people see more of what you are doing.

Lastly, have fun! Twitter is a social site… so interact and enjoy!

About the Author

Darren Olander is dedicated to teaching others how to create a success online through internet network marketing strategies. He is a site owner, article writer, coach & marketing consultant enjoying the benefits of working full time from home. Learn more about him at http://www.darrenolander.com

(ArticlesBase SC #491205)

Article Source: http://www.articlesbase.com/ – How to Use Twitter for Marketing

SMS Donations:

• Text HAITI to 90999 to donate $10 to the American Red Cross
• Text HAITI to 25383 to donate $5 to International Rescue Committee
• Text HAITI to 45678 to donate $5 to the Salvation Army in Canada
• Text YELE to 501501 to donation $5 to Yele
• Text RELIEF to 30644 to get automatically connected to Catholic Relief Services and donate money with your credit card
• Text HAITI to 864833 to donate $5 to The United Way
• Text CERF to 90999 to donate $5 to The United Nations Foundation
• Text DISASTER to 90999 to donate $10 to Compassion International

Phone Call Donations:

• 1-800-RED CROSS (1-800-435-7669 – English Speaking)
• 1-800-257-7575 (Spanish Speaking)

Internet Donations:

• American Red Cross (online form direct Haitian Relief Link)

American Red Cross List of Ways to Donate:

• American Red Cross (all methods to donate – including several electronic methods)

Author: Katia Lorenzen

Businesses are all about decisions, and informed decisions are the thin line of difference between success and confusion. This concept goes for the Internet and websites too, and any tool that provides you with information about your website is a Godsend. Analytics engine is one such simple to use and free tool that gives you web statistics. Here is a short tutorial that will help you harness the true potential of Google.

Step 1 # 1: Making an Account

Analytics software system is a free tool provided by Google. Making an account is convenient and simple. All you need to make a Analytics engine account is a Gmail e-mail id. Once your Gmail e-mail id is set up, you can go to the Analytics engine website and sign up your website for Google Analytics.

Step # 2: Installing the Tracking Code

Once you have signed into Analytics engine, you will be redirected to a page which has links to the analytics reports of your website. If you have not installed the tracking code on your websites, click on the Add Website Profile link.

If this is your first time on Analytics engine, and you have not installed the tracking code on your website or any of its pages, choose the “Add a profile for a new domain” option. Once that is done, scroll down and type in the URL of the home page that you wish to install the tracker to.

Select the time zone you are in and click Continue. Once this is done, the Analytics engine will automatically detect whether the tracking code has been installed on the website or page that you provided them with. Choose any of the code given below (best way is to press Ctrl+A and Ctrl+C) and paste the copied code into the website and webpage that you would want Analytics engine to analyze.

Make sure that you install the code anywhere before the End Body (/body) tag. Click Continue. The pa

ge will now show the webpage, website or websites that you have installed the tracker code to. Click on the View Reports link to go to the The System Dashboard.

Step 3 # 3: The Dashboard

The Dashboard is your Google homepage. Through this page, you can access almost any information you would require about your website, or even any page within the website. Once you have signed into the The System website, you will be redirected to the list of website profiles, that is, the analytics reports of any and all websites that you have installed the Google Analytics tracker code.

Once you are on the Dashboard, you can view the following analytics about your website:

Site Usage: The site usage column gives you the relevant information about the traffic for your website. The Visits column tells you the number of visits and unique visits in a given time frame. You can also know about the number of page views per visit at the Dashboard.

You can also find out the Bounce rate of your website or webpage. Bounce rate is the number of visitors to your websites who browsed away from your website directly from the landing page or the home page. Analytics engine also tells you the exact amount of time one particular user has spent on your website. It can also calculate the percentage of new and unique visits on your website.

Traffic Sources Section: The Traffic Sources Section tells you more about the traffic of your website, and explains it further. You can get information about all the traffic sources for your website. You can also divide your traffic from direct traffic, Search Engine traffic and Referring sites. Google Analytics can also give you traffic related information regarding your AdSense account if you have one.

About the Author:

Katia Lorenzen discovered Google Analytics while doing research for a new article. More information about this indispensable tool and a Google Analytics tutorial can be found here: http://www.Analytics411.com.

Article Source: ArticlesBase.com – Google Analytics Tutorial: Getting The Best Out Of Your Web Site

Author: MFrizzi

Securing your company boundaries: The changing nature of email and web-based threats

Growing pressure on the enterprise gateway means email viruses and worms are giving way to subtler forms of malicious spam, and a rise in web-based malware.

The changing email threat

Malware-infected email has decreased as cybercriminals have found more efficient ways to get the information they want. Instead of sending the malware itself as an attachment which has to be constantly rewritten to avoid detection they spam out emails with links to websites from which viruses and other malware are inadvertently downloaded by unsuspecting visitors. For example, a spammed email in November 2006 offered free explicit images and videos, in an attempt to trick users into downloading a malicious Trojan horse.

“Up to 30 percent of companies with 500 or more staff have been infected as a result of internet surfing, while only 20-25 percent of the same companies experienced viruses and worm from emails.”
IDC.

The growing web threat

There is a low level of threat awareness among surfers, and web security within corporate networks is often overlooked. Users are inadvertently downloading spyware and unwanted applications. At the same time, employees’ uncontrolled browsing is having a significant impact on productivity and network bandwidth, and the security of confidential data.

Our expert solutions

We have a range of solutions to help you meet the challenge of protecting your organization from infection and legal risk, while also meeting end user demands for performance and accessibility. Scanning billions of web pages a day, proactively discovering thousands of new malicious URLs a week, and performing round-the-clock threat analysis, SophosLabs™ delivers focused security and performance, and rapid, proactive protection against known and unknown threats.

This article was provided by Sophos and is published here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware protection.

Keywords: anti-virus, malware, firewall, spam, spyware, internet security, data protection, network access control, virus protection, compliance, encryption, network security, spyware removal, anti-spyware, hippa, aes, nac, computer security, hitech, data loss

About the Author:

This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.

Article Source: ArticlesBase.com – Securing your company boundaries: The changing nature of email and web-based threats

Author: Christopher Pace

The Secure Shell (SSH) Server is a secure replacement for telnet and rlogin, etc. SSH uses encryption from the point the client connects to a server, to the time the connection is terminated. SSH uses encryption to hide passwords, usernames, and other sensitive information that is normally sent “in the clear” in servers such as telnet and rlogin. SSH as of this writing supports the following encryption algorithms: 3DES, Twofish, Blowfish, Arcfour, CAST128, AES (Rijndael), and DES. SSH now comes with a variety of distributions, so downloading the server and the client should be a pinch. If, however, your distribution lacks a SSH server package, you may download it from the SSH website. SSH is one of the more easier to install packages, so installation should be a breeze. Install the package from your distribution using the appropriate package manager (for example use rpm -i packagename for Redhat-based systems, and dpkg -i packagename for Debian-based systems).

Once installed, SSH should work properly. To test it, you may login to your server by issuing the following command:

ssh -l username 127.0.0.1

Replace “username” with your desired user name. If all is working correctly, you will be prompted for a password, and then connected. If this does not work, if you installed SSH from source, and don’t have an /etc/init.d or /etc/rc.d file for the SSH daemon, you can build one from scratch following the guidelines for Pro-FTPD. The SSH config file (normally located in /etc/ssh or /etc/ssh2) is sshd_config or sshd2_config. An example configuration file looks like the following:

# sshd2_config
# SSH 2.0 Server Configuration File

*:
Port 22
ListenAddress 0.0.0.0
Ciphers AnyStd
# Ciphers AnyCipher
# Ciphers AnyStdCipher
# Ciphers 3des
IdentityFile identification
AuthorizationFile authorization
HostKeyFile hostkey
PublicHostKeyFile hostkey.pub
RandomSeedFile random_seed
ForwardAgent yes
ForwardX11 yes
PasswordGuesses 1
MaxConnections 50
PermitRootLogin no
# AllowedAuthentications publickey,password,hostbased
AllowedAuthentications publickey,password
# RequiredAuthentications publickey,password
ForcePTTYAllocation no
VerboseMode no
PrintMotd yes
CheckMail yes
UserConfigDirectory “%D/.ssh2″
SyslogFacility AUTH
# SyslogFacility LOCAL7
Ssh1Compatibility yes
Sshd1Path /usr/sbin/sshd1
# AllowHosts localhost, foobar.com, friendly.org
# DenyHosts evil.org, aol.com
# AllowSHosts trusted.host.org
# DenySHosts not.quite.trusted.org
# NoDelay yes
KeepAlive yes
RequireReverseMapping yes
/ UserKnownHosts yes
# subsystem definitions
subsystem-sftp sftp-server

Most of these settings you shouldn’t have to change from the default. One notable exception is the port that SSH will use. You can change this to any port within the 65535 limit. Also, you might want to change PasswordGuesses from its default (3) to 1. The reason for this is that it deters cracking attempts (the cracker has to make a new connection for each failed password). MaxConnections is a very important setting if this server is going to have any other services on it. MaxConnections helps keep your connections down, so that SSH requests and processes don’t take up 90% of the server’s resources. However, there is a downside to it- someone can login to your server the amount of times allowed in MaxConnections, then just leave the sessions logged in, which will prevent other users from logging in. PermitRootLogin is also an important setting, *ALWAYS* set this to no (the default is yes). If you need to login as root, simply create a user with a GID of 0 and UID of 0. This is known as a suid root account. Leaving root with the ability to login leaves a small chance that someone may crack root. SSH1 compatibility is crucial, many people have not yet upgraded (or are aware of the upgrade) to SSH2. AllowHosts and DenyHosts really shouldn’t be used as a security measure in my opinion. Instead, ipchains or a similar kernel-level firewall should be used instead. However, you may elect to use them, but be warned that when using a application level security measure, exploits in the application can allow denied (or blocked) hosts from connecting anyways. One great thing about SSH is that it comes with the sftp server, which allows encrypting of FTP sessions. Also, no FTP daemons are needed on the server, just the SSH daemon. However, the client must have a SSH package, in order to take advantage of the sftp server.

SSH is an extremely valuable service. It allows encryption of what were traditionally non-traditional services (such as telnet and FTP). This section has only briefly touched on the subject of the SSH server. For more information, read the FAQs and HOW-TOs available at ssh.org, or feel free to visit my website below.

About the Author:

Christopher J. Pace is a freelance Linux consultant who has worked with Linux since 2001. He provides remote Linux consulting services for Linux servers.

Article Source: ArticlesBase.com – Installing and Configuring the Secure Shell Server