How to NOT Harden SSH

Have you ever wanted to harden SSH but found the concept of password-protected keys too complicated? Then use BastionZero, a cloud-based authentication provider that works because trust us.

₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿

and be sure to click that notification bell so you know when new videos are released.
Comments
Author

Problem: SSH has mitigable security issues.
Solution: Trust an unknown cloud service to monitor all of your connections.

Jmcgee
Author

As someone who works in IT for a large hosting company, I have to disagree with the very first statement of switching the SSH port.
Setting up honeypots to test such things revealed things to me personally in that regard.

While it may not prevent targeted attacks, it helps massively to reduce automated SSH attacks on your machine.
If port 22 is not open, bots often have trouble targeting your machine and you will see a drastic decrease in unauthorized login attempts.
Using Fail2Ban or Denyhosts in addition to that then brings automated attacks to a bare minimum in a very short time.
Furthermore, if you use a port that belongs to another known service that is not running on that machine, it helps as well.

Also, when do you actually have to type your SSH port? Only on machines that you do not own, where you probably should not log in from in the first place.

So yeah it may not be the most secure thing to do but it already helps a lot.

hellofyou
Author

1:11 would partly disagree about changing the SSH port. Yes, it won't hold back any bad actor targeting your system specifically but it will help against bots that scan for open SSH ports on the internet. So while it isn't a strong security measure, it can be helpful against more broad attacks.

sillysimon
Author

Even if you switch SSH port, you can still use the default as a honeypot (bot trap). Then anyone/anything that comes knocking on the default port gets an entry on the ban list. The default SSH and SMB ports seem to be the best candidates for honeypots that help in early identification of those pesky net-blocks.

MrinalKantiM
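
Two ideas from the comments above, Fail2Ban-style banning after repeated failures and treating any connection to a decoy on port 22 as ban-worthy, as an added example that is not part of any comment or of Fail2Ban's own code. The log lines are constructed, the `decoy` line format is hypothetical, and `maxretry`/`findtime` only borrow Fail2Ban's parameter names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges). The sshd lines follow
# OpenSSH's "Failed password" wording; the "decoy" line format is hypothetical.
SAMPLE_LOG = """\
2024-03-03T10:00:01+00:00 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
2024-03-03T10:00:04+00:00 web1 sshd[811]: Failed password for root from 203.0.113.7 port 51240 ssh2
2024-03-03T10:00:09+00:00 web1 sshd[812]: Failed password for invalid user test from 203.0.113.7 port 51251 ssh2
2024-03-03T10:02:00+00:00 web1 sshd[815]: Failed password for alice from 192.0.2.10 port 40022 ssh2
2024-03-03T10:03:30+00:00 web1 decoy[90]: connection from 198.51.100.9 to port 22
2024-03-03T10:30:00+00:00 web1 sshd[820]: Failed password for alice from 192.0.2.10 port 40100 ssh2
2024-03-03T10:31:00+00:00 web1 sshd[821]: Accepted publickey for alice from 192.0.2.10 port 40101 ssh2
"""

FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
DECOY = re.compile(r"^(\S+) \S+ decoy\[\d+\]: connection from (\S+) to port 22$")


def ban_candidates(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: reason} for sources that should go on the ban list."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside findtime
    banned = {}
    for line in log_text.splitlines():
        if m := DECOY.match(line):
            # Nothing legitimate talks to the decoy port: ban on first contact.
            banned.setdefault(m.group(2), "touched decoy port 22")
            continue
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned.setdefault(ip, f"{len(window)} failures within {findtime}")
    return banned


if __name__ == "__main__":
    for ip, reason in ban_candidates(SAMPLE_LOG).items():
        print(ip, "->", reason)
```

The user who mistypes a password twice, 28 minutes apart, stays off the list because the first failure has aged out of the window by the time the second arrives.
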
Author

real sysadmins memorize their ssh keys. stay hardcore

Alexbl
Author

Changing your port number just reduces the noise (bots trying to brute force root's/test's password). Just keeps the logs shorter.

killistan
Author

I've always wanted to set up port knocking, sounds by far the best way to secure network access to a server, and is also just super cool. But then I always just set up ssh like normal, and wish the attackers the best of luck.

grenin
Author

For point 7 you can attach the EBS volume to another EC2 instance and add your keys that way to regain access.

samueldudley
Author

I'd also like to point out PAM-2FA, amongst others, which can be used to mandate time-based OTPs or Yubikeys, etc., as second-factor authentication sources in SSHD as well as for console logins. Generally not too hard to bolt on to any system that uses PAM.

Phroggster
Author

"hmm security... i trust the abstraction of a brand more" thanks excellent content as always bro

hashkeeper
Author

In a company, a good option would be to use certificate-based SSH. This way leaked or old keys aren't a problem, as they are only valid for a day. In this way you also don't have to put everyone's public key on the machines. Something like Smallstep's step-ca would be the solution.

phiwatec
Author

As well as all your other Linux related videos, this one was an absolute blessing of a video.

knick
Author

This got my sshd so effing hard. Thanks brah

Recreman
Author

Changing SSH port to 80 or 443 allows me to access the machine from various ill-configured networks, so it IS useful.

Grishanof
Author

I just recently put a new server on, and within a week there were about 50000 login attempts with all kinds of default accounts. I changed the port number, and now, a week later, there seems to be only 1 such case. I don't know, but it seems to me that it's better and maybe statistically more secure that there is only 1 "hacking attempt" versus 50000 bots trying everything around the clock.

mikahuttunen
Author

thanks for all that you do mental outlaw, so glad there are some genuine souls out there cutting through as much cruft as they can, and getting us to the meat of things in the shortest time possible, i gotta get better at this myself, cheers mate!

legoenforcer
Author

Journalist: *Uses Harden*
But it fails

DavidNwokoye
Author

youtube was really quick recommending me this

Drogobo
Author

Honestly, these days I use a yubikey. At one point I didn't care for them because I thought they were just emulated keyboards typing OTPs, but once I realized I could use their FIDO function to store an SSH key I was on board.

LokiScarletWasHere
Author

Using just an SSH key to login and no password would actually be safe in most circumstances. The key is either encrypted with a passphrase or stored in your OS's keystore. A thief would have a hard time using the key even if they do steal your laptop.

marc-andreservant