SSH Secure Shell


SSH is a secure shell protocol that you can use to log in to your server remotely. While telnet is fairly popular, it is highly insecure and you should not make the telnet daemon active on your server.

SSH offers a choice of two protocol versions:
Protocol 1
Protocol 2

Protocol 2 is more secure than Protocol 1 and you should disable Protocol 1 if your server currently supports it.

When using SSH Protocol 2 you should make certain that you have client software that supports Protocol 2 for authentication. There are several applications that are "freeware" and can be downloaded and installed. There is also "Mindterm", a web-based Java application that you may wish to use. Mindterm will be discussed in another tutorial later on.

Disable Telnet and Install SSH:

This section only applies if you are using FreeBSD 4.3 or earlier. In FreeBSD 4.4 telnet is disabled and SSH is enabled by default. Why the change? Telnet, any Telnet, is inherently vulnerable to attacks. SSH is a much more secure method of protecting your system from attacks while still being able to perform remote administration.

Disabling Telnet and enabling SSH is a relatively easy and quick task.

Step 1: Disable Telnet

Edit /etc/inetd.conf, comment out all references to telnetd, and save the changes.

     # vi /etc/inetd.conf

Step 2: Enable SSH

Edit /etc/rc.conf, add the line sshd_enable="YES", and save the file.

     # vi /etc/rc.conf

Step 3: Reboot Server

Reboot the server and connect via ssh (port 22), as telnet port 23 will refuse connections.

That is all there is to it. Wasn't that easy!
Securing SSH

Using SSH is definitely more secure than using telnet, but just using ssh isn't enough. CERT has posted an advisory regarding SSH and the increase in Protocol 1 attacks. This problem is easily solved and shouldn't cause you any trouble other than ensuring you are using an SSH client that supports Protocol 2.

To make the change to SSH on your FreeBSD server simply follow the steps we have provided below.

1) Edit /etc/ssh/ssh_config and /etc/ssh/sshd_config
2) Change the Protocol line to contain only 'Protocol 2'
3) Save and exit the file
4) Restart the sshd service
# kill -HUP `cat /var/run/`

Now just log in using your favorite SSH application that supports SSH2.
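
As an added example (not part of the original tutorial), the sh script below checks the result of the steps in both sections: telnet is commented out in inetd.conf, rc.conf enables sshd, and the first Protocol line that sshd reads is exactly 2. The function names are hypothetical, and the file paths are passed as arguments so the checks can be run on copies of the files.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are
# hypothetical; pass file paths so the checks can run on copies.

# Exit 0 if inetd.conf still has an uncommented telnet service line.
telnet_active() {
    grep -Eq '^[[:space:]]*telnet[[:space:]]' "$1"
}

# Exit 0 if rc.conf sets sshd_enable to YES. rc.conf is sourced as shell,
# so the last uncommented assignment is the one that takes effect.
sshd_enabled() {
    val=$(sed -n 's/^[[:space:]]*sshd_enable="\{0,1\}\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1)
    case "$val" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# Print the Protocol value from sshd_config. OpenSSH uses the first value
# it reads for a keyword; prints "unset" if there is no active line.
protocol_value() {
    val=$(grep -Ei '^[[:space:]]*protocol[[:space:]=]+' "$1" | head -n 1 |
          sed 's/^[^0-9]*//; s/[^0-9,].*$//')
    echo "${val:-unset}"
}

# audit INETD_CONF RC_CONF SSHD_CONFIG: one line per finding, non-zero on any.
audit() {
    rc=0
    if telnet_active "$1"; then echo "FAIL: telnet still active in $1"; rc=1; fi
    if ! sshd_enabled "$2"; then echo "FAIL: sshd_enable is not YES in $2"; rc=1; fi
    proto=$(protocol_value "$3")
    if [ "$proto" != 2 ]; then echo "FAIL: Protocol is '$proto' in $3, want 2"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK: telnet off, sshd on, Protocol 2 only"; fi
    return "$rc"
}

# Audit real files only when three paths are given, e.g.:
#   sh audit.sh /etc/inetd.conf /etc/rc.conf /etc/ssh/sshd_config
if [ "$#" -eq 3 ]; then audit "$@"; fi
```

A line such as 'Protocol 2,1' is reported as a failure because it still allows Protocol 1 as a fallback.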