1. OpenSSH

OpenSSH is the primary SSH client and server used for Linux, BSD, Mac OS X and other Unix-like operating systems. It is free and open source and is part of the OpenBSD project. It includes scp and sftp for secure file transfers.

2. PuTTY

Although it works with both Windows and Unix, Putty is mostly used by Windows users, since SSH is not installed on Windows by default (unlike Linux and Mac OS X). PuTTY is free and open source.

GUI Applications

1. Filezilla

Filezilla is a file transfer application that includes support for scp and sftp. It is free, open source, and has cross-platform support.

2. WinSCP

A GUI file transfer program, WinSCP supports scp and sftp, and it is core is based on PuTTY. WinSCP is free and open source.

3. Cyberduck

Cyberduck is a file transfer application for Mac OS X that supports SFTP. It is free and open source software.

Among the most likely candidates to compete with Linux for the title of “Server King” are Solaris and BSD. Solaris was originally produced by Sun Microsystems, which has since been acquired by Oracle. One might consider the future of this OS as uncertain, but a free and open source version, OpenSolaris, ensures that the community can keep it alive even if Oracle does not.

BSD, originally created at the University of California in Berkeley is the primary Linux competitor in the server market, with several variants of its own that are similar to the Linux distribution model. Some of the more common include FreeBSD, NetBSD, and OpenBSD. OpenBSD in particular is known for its security-oriented development, and the creators of it are also responsible for OpenSSH, the secure shell server and client. In the coming weeks, we will look at both of these operating systems and see how they stack up against Linux.

Photo Source: Flickr

1. Disable the root password on the real server. Users may decide to use root passwords on their VPS systems, but do not make it easy for attackers to get past them to the real system.

2. Create a user designed just for admin tasks and give it “sudo” rights.

3. Create an ssh user to handle any remote logins and an sftp user for uploads to the real server. Disable remote access for all other users.

4. Run OpenSSH on a port other than the default 22. You can use 2222 or something else.

5. Rely on SSH keys for the two secure users and disable clear password authentication.

Photo Source: Flickr

The process is called chroot, which essentially creates a virtual file system within the larger Linux file system, limiting individual users to their own small section of the server. They might have an /etc directory, but it will a special one only for that user and not the same as the larger system’s /etc directory. Now, OpenSSH has a configuration option called ChrootDirectory.Now, OpenSSH has a configuration option called ChrootDirectory.

In /etc/ssh/sshd_config :

You need to configure OpenSSH to use its internal SFTP subsystem.
Subsystem sftp internal-sftp
Then, I configured chroot()ing in a match rule.
Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Read the rest at the Debian Administration website. You can also read the configuration manual simply by typing man sshd_config from the command line.

Source: Debian Administration
Photo: Flickr

1. Only use protocol 2. SSH-1 was known to have some security issues. On most servers, it should already be set to two, but it doesn’t hurt to check. Open /etc/ssh/ssh_config and make sure the following line is there:

Protocol 2

2. Allow or Deny specific users. Sometimes, you know exactly who to trust and who not to trust with SSH access. If you do, you can specify those users in your config file. For example, to allow only root, marshall, and bob to have access:

AllowUsers root marshall bob

To deny jake, rene, and xander:

DenyUsers jake rene xander

In part 2, we will discuss some other ways to secure your OpenSSH server. Check back soon.