
In order of least effort to most:

* Disable root logins (require su/sudo)

* Disable password logins (require public keys)

* Run Denyhosts, to block IP addresses that have too many repeated failed login attempts.

* Use Jumphosts (AKA Bastions). One (or a few) servers that listen to ssh from the open Internet and have no private keys stored on them (use key forwarding). All other servers only listen to ssh from an internal network interface the Jumphosts are also on, or from the Jumphosts' IP address directly.
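As an added example (not part of this thread), the counting logic behind a Denyhosts-style blocker from steps 3 and 4 above: it scans sshd auth-log lines for failed logins, keeps a per-IP sliding window, and lists sources that exceed a threshold in hosts.deny format. The log lines, the threshold of 5 failures in 10 minutes, and the log year are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth.log excerpt in the syslog format OpenSSH sshd produces.
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:04 bastion sshd[2103]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:00:09 bastion sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51044 ssh2
Mar  3 10:00:15 bastion sshd[2107]: Failed password for root from 203.0.113.7 port 51050 ssh2
Mar  3 10:00:20 bastion sshd[2109]: Failed password for root from 203.0.113.7 port 51061 ssh2
Mar  3 10:01:02 bastion sshd[2111]: Failed password for alice from 198.51.100.4 port 40022 ssh2
Mar  3 10:01:10 bastion sshd[2113]: Accepted publickey for alice from 198.51.100.4 port 40023 ssh2
Mar  3 10:30:00 bastion sshd[2201]: Failed password for root from 192.0.2.9 port 33001 ssh2
Mar  3 12:30:00 bastion sshd[2301]: Failed password for root from 192.0.2.9 port 33002 ssh2
"""

LOG_YEAR = 2024  # syslog timestamps carry no year; assumed for the sample
FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed (?:password|publickey) for (?:invalid user )?(\S+) from (\d+(?:\.\d+){3}) port"
)


def failed_logins(log_text):
    """Return [(timestamp, source_ip, username)] for every failed-login line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
            events.append((ts, m.group(3), m.group(2)))
    return events


def ips_to_block(log_text, threshold=5, window=timedelta(minutes=10)):
    """Source IPs with at least `threshold` failures inside any `window`-long span."""
    by_ip = defaultdict(list)
    for ts, ip, _user in failed_logins(log_text):
        by_ip[ip].append(ts)
    blocked = set()
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0  # left edge of the sliding window over this IP's failures
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                blocked.add(ip)
                break
    return blocked


def hosts_deny_lines(ips):
    """Render blocked IPs as /etc/hosts.deny entries, which is where Denyhosts writes."""
    return [f"sshd: {ip}" for ip in sorted(ips)]
```

With the sample log, only 203.0.113.7 crosses the threshold; 192.0.2.9 has two failures two hours apart, so a short window correctly ignores it.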




I've always wondered what exactly is the purpose of a jumphost? Wouldn't it be equally susceptible to attacks as the actual servers are?


sshd is equally susceptible, wherever you run it, sure.

With jumphosts, though, you can run denyhosts, redirect to tarpits, or other clever things, and not affect performance on your other servers.

I think the motivation to use jumphosts is to minimize the surface area of your other servers as much as possible. Each daemon on each server listening for incoming connections is a liability. If an sshd exploit is found (unlikely as that is), bots that mass scan and find my ssh ports and connect won't be able to delete any production files (right away, at least) if all they gain access to is my jumphost and not one of the prod db servers.


Thanks. I didn't consider that the mere act of having sshd deny attempts is a performance cost. I guess one could potentially DoS a server by flooding the sshd with bogus attempts?


Well, sshd denying requests isn't a performance cost, in itself.

But having a script like denyhosts or fail2ban that analyzes auth logs for IPs to block requires memory for the interpreter running the script, as well as however much of the log gets read into memory.

Blocking external ssh connections can avoid that performance hit, however large or small it ends up being.
