- Make sshd (Cygwin) bullet-proof?
- Hannes Bachmann
August 29, 2004, 7:45 pm
I installed Cygwin along with the SSHd service and changed my firewall to
allow inbound SSH connections.
Which steps are recommended to make the system safe against attacks,
unsolicited login attempts or any other attacks?
If I look into the Event Viewer, I can see a lot of IP addresses trying
different user/password combinations such as "root", "admin", "guest",
I have a lot of personal data on that PC and I wouldn't like to expose it
to the Internet if sshd had known security bugs.
Re: Make sshd (Cygwin) bullet-proof?
Firewall all the networks from which you expect no legitimate traffic.
Or, easier, firewall everything, and bore holes for those networks
from which you _do_ expect legitimate traffic, on specific ports.
This goes for any service exposed to the 'net, on any type of
I'm assuming here that you have already secured your Windows machine
in all other regards, and are exposing only SSH through your firewall.
SSH doesn't do anything about preventing other access to your machine,
it just provides a means of access; if your machine is otherwise open
and exposed to the 'net, it has already been compromised. SANS says
an unsecured Windows machine exposed to the internet will be
compromised in 20 minutes.
That's a probe making the rounds. I believe it's looking for a
certain Linux implementation that installed some of those accounts
with easily-guessed passwords. I was getting a dozen or so probes a
day on my machine when it started. Since I firewalled off most of
Asia and a bunch of problem ISPs in the rest of the world (including
the USA), I get one probe every few days. I LART the ISP responsible,
and if I get no response, that ISP gets firewalled, too.
Another way to defeat that probe is to have SSHD on a non-standard
port, since that particular probe is only looking at port 22. Folks
who want to connect to you will have to know the port number, of
Use sshd_conf (or whatever Cygwin's build calls the configuration
file) to limit logins to specified account names, regardless of the
accounts on the machine. Make those names hard to guess.
If the machine is attended, you could just keep SSHD shut off unless
you expect someone to need it.
I think the current SSHD is OK, security-bug-wise, but I'm certainly
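Added example, not part of the original posts: a shell function that audits an sshd_config for the two configuration measures suggested in the reply above (a non-standard `Port` and an `AllowUsers` list without easily guessed names). The sample configurations, port number and account names are constructed, and only the global section of whitespace-separated `Keyword value` lines is checked.

```shell
#!/bin/sh
# Added example, not code from the thread. Reads sshd_config text from the
# files given as arguments, or from stdin. Assumes "Keyword value" lines and
# inspects only the global section (everything before the first Match block).
audit_sshd_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        { key = tolower($1) }                  # sshd keywords are case-insensitive
        key == "match" { exit }                # jump to END, ignoring Match blocks
        key == "port" { nport++; if ($2 == 22) std = 1 }
        key == "allowusers" {
            nallow++
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                sub(/@.*/, "", name)           # USER@HOST pattern: keep USER
                # names the probe described in the question was trying
                if (name ~ /^(root|admin|guest)$/) {
                    print "WARN: AllowUsers permits probed name: " name
                    bad++
                }
            }
        }
        END {
            if (nport == 0 || std) { print "WARN: Port is 22 or unset (default 22)"; bad++ }
            if (nallow == 0) { print "WARN: no AllowUsers line, logins not limited to named accounts"; bad++ }
            if (bad == 0) print "OK: non-standard port and an AllowUsers list"
            exit (bad > 0)
        }
    ' "$@"
}

# Constructed sample configurations (port and account names are made up).
sample_default()   { printf '%s\n' '# stock settings' 'Port 22' 'PasswordAuthentication yes'; }
sample_hardened()  { printf '%s\n' 'port 48022' 'AllowUsers hb-x7q2 kestrel9@192.0.2.*'; }
sample_guessable() { printf '%s\n' 'Port 48022' 'AllowUsers admin@* hb-x7q2'; }

for cfg in sample_default sample_hardened sample_guessable; do
    echo "== $cfg"
    "$cfg" | audit_sshd_config || true         # exit status 1 means findings
done
```

To check a real installation, pass the path of the configuration file your build uses as the argument instead of piping in a sample.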