Upload File

understanding vps security via ssh · 2020. 4. 10. · security what to do about all these...

  • Home
  • Documents
  • Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication
24
Understanding VPS Security via SSH Pat Pannuto / Marcus Darden / Cameron Gagnon (for today!)

Upload: others

Post on 19-Jan-2021

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

UnderstandingVPSSecurityviaSSH

PatPannuto/MarcusDarden/CameronGagnon(fortoday!)

http://creativecommons.org/licenses/by/4.0/
http://patpannuto.com/
https://github.com/cameron-gagnon
Page 2: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

Today'sDefinitions-VPS

Page 3: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

Today'sDefinitions-VPS

-PAM

Page 4: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

Today'sDefinitions-VPS

-PAM

-SPAM

Page 5: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

Today'sDefinitions-VPS

-PAM

-SSH

Page 6: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

ReallyToday'sDefinitions-VirtualPrivateServers(VPS)

-PluggableAuthenticationModules(PAM)

-SecureSHell(SSH)

Page 7: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

ReallyToday'sDefinitions-VirtualPrivateServers(VPS)

Homework1!

-PluggableAuthenticationModules(PAM)

-SecureSHell(SSH)

https://c4cs.github.io/static/w17/hw/c4cs-wk1-homework.pdf
Page 8: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

ReallyToday'sDefinitions-VirtualPrivateServers(VPS)

Homework1!

-PluggableAuthenticationModules(PAM)

-SecureSHell(SSH)Matt'spostonPiazza!

https://c4cs.github.io/static/w17/hw/c4cs-wk1-homework.pdf
https://piazza.com/class/ixgsfwif4f35is?cid=79
Page 9: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

NowYouKnow

Page 10: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

Project'sGoal-Showusthepasswordsofpeople(orprograms)tryingtoauthenticatetotheVirtualPrivateServer

Page 11: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

Project'sGoal-Showusthepasswordsofpeople(orprograms)tryingtoauthenticatetotheVirtualPrivateServer

Lecture'sGoal-Showhowknowledgefromthisclasscanbeapplied

Page 12: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

SettingupaVirtualPrivateServer-Whatdoyoudowhenyoufirstsetupanewcomputer,phone,orpersonaldevice?

Page 13: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

SettingupaVirtualPrivateServer-Whatdoyoudowhenyoufirstsetupanewcomputer,phone,orpersonaldevice?

DotfilesHomework12!

http://c4cs.github.io/static/w17/hw/c4cs-wk12-homework.pdf
Page 14: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

SettingupaVirtualPrivateServer-Whatdoyoudowhenyoufirstsetupanewcomputer,phone,orpersonaldevice?

DotfilesHomework12!

~/.ssh/config

Hostc4cs-lecture

Hostname138.236.11.81

Userroot

IdentityFile~/.ssh/id_rsa_do_pnu

RegularandAdvancedHomework12

http://c4cs.github.io/static/w17/hw/c4cs-wk12-homework.pdf
Page 15: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

Let'sdiveinhttps://github.com/cameron-gagnon/ssh_pass_logging

https://github.com/cameron-gagnon/ssh_pass_logging
Page 16: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

MakeandMakefilesHomework7!

https://c4cs.github.io/static/w17/hw/c4cs-wk7-homework.pdf
Page 17: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

InstallingthePAMmoduleWheredidwelearnhowprogramsgetconfigurationinformation?

Page 18: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

InstallingthePAMmoduleWheredidwelearnhowprogramsgetconfigurationinformation?

Lecture3!

http://leccap.engin.umich.edu/leccap/viewer/r/gWkG4c
Page 19: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

InstallingthePAMmoduleWheredidwelearnhowprogramsgetconfigurationinformation?

Lecture3!

AlternativestoaPAMmoduleInstallandcompileOpenSSHfromsourcewhileaddingthispatch.Wouldgettotieinpackagemanagers(Week12!)

http://leccap.engin.umich.edu/leccap/viewer/r/gWkG4c
https://gist.github.com/sjmurdoch/1572229
Page 20: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

Scripting#fromcreate_initial_users.sh

#listofsomedefaultusernamestoadd

whileIFS=''read-ruser||[[-n"$user"]];

do

./honeypot_user.sh"$user"

done<"usernames.txt"

RegularandAdvancedHomework3AdvancedHomework6

https://www.youtube.com/watch?v=dQw4w9WgXcQ
https://c4cs.github.io/static/w17/advanced/c4cs-wk6-advanced.pdf
Page 21: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

PipingcommandsFromLecture6

ifconfigenp0s3|grep'inet'|tr-s"[:space:]"":"|cut-d":"-f4

Fromthe Makefile

cat/var/log/passwords|cut-d';'-f3|grep-vE

'^[[:cntrl:]]|^[[:space:]]*$$'|cut-d=-f2|tr-d''|sort|uniq|

tee-ausernames.txt

http://leccap.engin.umich.edu/leccap/viewer/r/qlB5Sh
Page 22: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

SecurityWhattodoaboutalltheseattempts?

Configuresettingsin /etc/ssh/sshd_config topreventpasswordbasedauthenticationfail2ban

https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04
Page 23: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

Attendance

Page 24: Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these attempts? Configure settings in /etc/ssh/sshd_config to prevent password based authentication

Questions?


Cloux | Cloud VPS Server | Cloud VPS Hosting | Reliable

SSH COMMUNICATIONS SECURITY Q2 2017 RESULTS … · ssh communications security q2 2017 results presentation kaisa olkkonen, ceo 20.07.2017

Secure Shell (SSH) - unipi.it · 2006-03-28 · • Secure shell (ssh) Network Security 9 Limitazioni (2) I file .rhosts/hosts.equiv contengono l’elenco delle macchine fidate •

Copyright 2015 SSH Communications Security SSH Communications Security SSH Access Management ENABLE, MONITOR & MANAGE ENCRYPTED NETWORKS Sean Lunell [email protected]

SMB Benefits of VPS Solutions - Availability, Security, and Support

Evo Vps Vps-flash Manual Eng Nfpa 1108

A Surfeit of SSH Cipher Suites - GitLab · 2020. 7. 6. · Timeline of related work on SSH-BPP 2002. •Formal security analysis of SSH-BPP by Bellare, Kohno and Namprempre [BKN02]

ssh-certificates-jeremy-stott · 21/02/2020  · ssh-certificates : python3 — Konsole About me Software Security Engineer Freelancer Entrepreneur Public Speaker Hacker Dad Jeremy

Transport-level and Web Security (SSL / TLS, SSH) Chapter 17 of Stallings

Security Tunneling Cyber Security Spring 2010. Reading Material IPSec overview –Chapter 6 – Network Security Essentials, William Stallings SSH –RFCs 4251,

Getting started with SSH security and configuration

Security with SSH ccTLD Workshop Samoa Hervey Allen

Internet Security Protocols - Previous - SecAppDev Preneel...Internet Security Protocols Public-Key Infrastructure IP/ IPSec (Internet Protocol Security) Transport Layer Security (SSH,

Connection Wifi-SSH Name – Alisa Wifi Password (Security): alisa@12

Risks of Unmanaged Encrypted Environments to …...Copyright 2014 SSH Communications Security Standardization Initiatives • PCI DSS 3.0 requires addressing SSH key based access in

Using SSH and Security AFNOG 3 Workshop Hervey Allen

SSH COMMUNICATIONS SECURITY INVESTOR UPDATE · 2017. 12. 13. · THE MARKET IS GROWING 30 November 2017 SSH Communications Security 9 The Economist (May 28,2016) MARKET GROWTH CONTINUES

Học VPS - Kiến thức quản trị VPS, Server

Multi-ciphersuite security and the SSH protocol

Security with SSH · SSH, The Secure Shell The Definitive Guide, Second Edition. By Daniel J. Barrett, Richard Silverman, & Robert G. Byrnes May 2005 ISBN: 0-596-00895-3 More SSH

Financial Services | February 2016€¦ · Report Security – VPs, Budget Officers and Department Heads 3 Report Security – Proxies 3 Report Security – ‘Access – My Security’

Shmoocon Epilogue 2013 - Ruining security models with SSH

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

SSL, SSH and IPSec - Swarthmore College · SSL, SSH and IPSec. Overview of things to come • Security can be implemented at many levels – Kerberos, SSL and SSH are implemented

Fully Managed Support VPS With Mumbai Hosting...VIRTUAL PRIVATE SERVER (VPS) eMail & Hosting Solutions with Fully Managed Support. cPanel. SSD SSD SSD SSD SPEED + SECURITY + STABILITY

Mitigating Security Risk in Practical vCPE Solutions · •SSH for VM management / system-level communication; SSH key injection with VM creation •Multi-tenant capability •Traffic

VARSINAINEN YHTIÖKOKOUS SSH COMMUNICATIONS SECURITY OYJ 20.3.2014

Configure SSH on Windows 10 | Configure SSH Server | Free SSH Server

Copyright 2013 SSH Communications Security How to Prevent Data Loss and Monitor Your Encrypted Networks Samuli Siltanen VP, EMEA SSH Communications Security

Configuring Secure Shell (SSH) - ftp.hp.comftp.hp.com/pub/networking/software/Security-Oct2005-59906024-Chap... · Configuring Secure Shell (SSH) ... SSH-Related Commands in This

Configuring Secure Shell (SSH)whp-hou4.cold.extweb.hp.com/pub/networking/software/Security-Oct... · 6-3 Configuring Secure Shell (SSH) Overview Note SSH in the ProCurve is based

Security Handbook Network Enabled Devices, AOS v6.4.x and v6.5 · • Secure SHell (SSH) For high security, use SSH. • With Telnet, the user name and password are transmitted as

Distributed SSH Key Management with Proactive RSA ...SSH communication security [7] “analyzed 500 business applications, 15,000 servers, and found three million SSH keys that granted

SSH Communications Security Espoon.pdf · What is Secure Shell? • Technology invented by SSH Communication Security in 1995 • Enables corporate to manage access to its information

VPS Hosting Plan in India, VPS Hosting in India, VPS Hosting Provider Company in India