Jack Wallen presents up a special technique of securing SSH that may very well be reasonably well timed in serving to to lock down your Linux servers.
The opposite day I used to be pondering of the way to safe SSH that had been a bit outdoors the norm. Let’s face it, we have all configured SSH in /and so on/ssh/sshd_config and /and so on/ssh/ssh_config. We have blocked root login, we have set SSH to a non-standard port, we have put in fail2ban and we have enabled SSH key authentication. What extra can we do?
SEE: Safety incident response coverage (TechRepublic Premium)
That is the place my prepare of thought type of went off the tracks to provide you with a non-standard technique of blocking undesirable SSH site visitors. What I got here up with is not revolutionary, neither is it a assured repair for all the pieces that ails distant logins.
However it’s one more a kind of concepts that makes me glad I take advantage of Linux.
As an instance, for instance, you and your IT employees log into and out of your Linux servers all day. Throughout that point, it’s essential to be sure that the SSH service is working and accepting connections. However what about after work hours?
I do know you and your employees is likely to be of a mindset that there isn’t any such factor as “after hours,” however there ought to be. With the ability to step away from work is likely one of the finest methods of making certain you may proceed doing all your work for years to return. Giving your self over to the corporate 24/7 is a sure-fire method of burning out and fading away. Do not let that occur.
With that stated, what in the event you simply disabled the SSH service after hours? I do know, I do know … it sounds loopy, blocking your self from distant entry whenever you’re off the clock. However the factor is, that interval whenever you’re not working is the prime time for attackers. And with you not there, your potential to react shortly is just about nil. So why give anybody the power to entry your distant servers by way of SSH?
Once more, I do know this sounds loopy, however for some servers, this may very well be a super method of blocking incoming SSH assaults at sure instances.
Say, as an example, you solely have a naked IT presence from 7 p.m. to six a.m. Perhaps you’ve got employed one or two admins to take care of points that occur at night time. So that they’re on-prem and might deal with something you may’t (as a result of you may’t SSH into the servers). That being the case, why not shut down the SSH daemons throughout these hours? With these companies not accepting connections, hackers would have a considerably tougher time gaining entry.
However how would you do that? In a phrase: cron.
How you can create cron jobs for SSH
We will create a file that may deal with two cron jobs:
To create the file, subject the command:
sudo nano ssh-start-stop
In that file, paste the next:
0 6 * * * root /usr/bin/systemctl begin ssh 0 15 * * * root /usr/bin/systemctl cease ssh
Save and shut the file.
At this level, when 7 p.m. comes round, the SSH daemon ought to be stopped and can then restart at 6 a.m. Nobody ought to be capable to use safe shell to realize entry to that server throughout that interval.
As I stated, this is not a bulletproof resolution. It’d even trigger extra issues for you than it is value (relying on the scenario). What this does, nonetheless, is present you the way versatile the Linux working system will be and how one can at all times provide you with off-the-tracks options to offer your server a novel increase in safety.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the newest tech recommendation for enterprise professionals from Jack Wallen.