Server Networking Tips

Over the past year, we have covered many networking tips for servers. Here is a brief summary of the most important networking tips you should keep in mind for your dedicated server.

1. Use both a router firewall and a software firewall
2. Your name servers should be hosted on at least two different servers
3. If you use content delivery services, make sure they have servers close to your primary users
4. Block all ports except the most essential (i.e. web server, ssh, ftp)
5. Use traceroute and dns lookups to test network connectivity issues
6. Be sure to follow Internet standards with your DNS records
7. Use SSH, SCP, SFTP, and other secure protocols whenever you need to connect to your server

Photo Source: Flickr

Free SSH Programs for Download

SSH or Secure Shell is a secure method of accessing your web server for manipulation or file transfer (using SCP or SFTP). Here are a few software applications that you can use to access your server via SSH.

1. OpenSSH

OpenSSH is the primary SSH client and server used for Linux, BSD, Mac OS X and other Unix-like operating systems. It is free and open source and is part of the OpenBSD project. It includes scp and sftp for secure file transfers.

2. PuTTY

Although it works with both Windows and Unix, Putty is mostly used by Windows users, since SSH is not installed on Windows by default (unlike Linux and Mac OS X). PuTTY is free and open source.

GUI Applications

1. Filezilla

Filezilla is a file transfer application that includes support for scp and sftp. It is free, open source, and has cross-platform support.

2. WinSCP

A GUI file transfer program, WinSCP supports scp and sftp, and it is core is based on PuTTY. WinSCP is free and open source.

3. Cyberduck

Cyberduck is a file transfer application for Mac OS X that supports SFTP. It is free and open source software.

Secure user accounts with Jailkit

No, it is not something to help you break out of jail. Jailkit is a suite of free and open source software that limits user accounts to a limited portion of the filesystem, utilizing a tool called chroot. It can also be used to limit users to specific commands or restrict a daemon to run inside a chroot jail.

You can accomplish any of the above-mentioned tasks with a basic Linux system and several commands, but Jailkit simplifies and automates the process. According to the project website, Jailkit is used by “leading IT security firms, internet servers from several large enterprise organizations, internet servers from internet service providers, as well as many smaller companies and private users that need to secure cvs, sftp, shell, or daemon processes.”

Jailkit comes with several commands, all of which are prefixed with “jk_”. Some of the features include: a launcher that can start a daemon in a jail, a chroot shell tool, a tool to limit binary execution, a tool to update and clean up a jail based on the changes already made on a the system at large, and many more. Jailkit is freely available for download from the projects website.

Photo Source: Flickr

What is Putty?

PuTTY is a free terminal emulator that supports SSH and many other protocols. Most users, particularly on Windows, find it very useful for connecting to a Unix or Linux SSH server. PuTTY has a graphical configuration interface with many useful features:

• storage of connection data for quick reconnection
• port forwarding
• IPv6 support
• SCP and SFTP support

In addition to Windows, PuTTY has been ported to Linux and other Unix-like operating systems and will soon have a Mac OS X version. PuTTY is free and open source software released under the MIT license. It is available for download from the project’s website.

Photo: Wikimedia Commons

The benefits of SFTP

FTP is the primary method used by website owners to upload content to their servers or distribute large amounts of data. FTP is easy to use and generally efficient at doing its job, but no one would claim that it is completely secure. Generally speaking, files you upload to your website are public anyway, so you might not care if someone intercepts an FTP session’s contents.

When dealing with private information, however, it is a good idea to use a secure transfer method. It is also a better practice in general to use something secure so that your transactions and possibly client and user transactions are not available for the world to see. SFTP is a method of transferring data over an SSH channel.

There are SFTP clients available, and many FTP clients also support SFTP. They may even refer to it as SSH, since SFTP stands for SSH File Transfer Protocol. SFTP does require the user to have an SSH account, and some web hosting providers do not allow them, but if yours does, it is an excellent alternative to FTP.

Photo: Wikimedia

Keep SSH users in their home directories

Since 2008, OpenSSH now has a feature that allows Linux system administrators to keep web hosting clients and other users out of system directories like /etc /bin /var, and others. In the past, admins had to rely on other packages, such as rssh.

The process is called chroot, which essentially creates a virtual file system within the larger Linux file system, limiting individual users to their own small section of the server. They might have an /etc directory, but it will a special one only for that user and not the same as the larger system’s /etc directory. Now, OpenSSH has a configuration option called ChrootDirectory.Now, OpenSSH has a configuration option called ChrootDirectory.

In /etc/ssh/sshd_config :

You need to configure OpenSSH to use its internal SFTP subsystem.
Subsystem sftp internal-sftp
Then, I configured chroot()ing in a match rule.
Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Read the rest at the Debian Administration website. You can also read the configuration manual simply by typing man sshd_config from the command line.

Source: Debian Administration
Photo: Flickr