Harden SSH Security with Two Factor Authentication

Before starting with the topic ‘SSH security’, have a look at a few statistics that are often cited to explain why you need 2FA, the Two Factor Authentication security method:

80% of security breaches could be prevented with Two Factor Authentication.

90% of IT departments plan to implement Two Factor Authentication for access to cloud applications in order to address the security challenges of mobile access.

86% of people who use Two Factor Authentication security method feel their digital assets are more secure.

34% of companies do not have a crisis response plan for a data breach or cyberattack event.

In 93% of breaches, the attackers take less than a minute to compromise systems.

With malicious activity on the Internet increasing rapidly, SSH security has become a major concern for system administrators. SSH (Secure Shell; the expansion ‘Secure Socket Shell’ that is sometimes seen is a misnomer) is a cryptographic network protocol that gives administrators a secure way to access a computer remotely over an untrusted network such as the Internet. Secure Shell, as its name suggests, provides strong authentication between two computers connecting over a network. It encrypts data in transit and protects its integrity, so traffic between the two computers can be neither read nor silently altered. Administrators worldwide use SSH to manage systems and applications remotely, log in to another computer over an insecure network, execute commands, and move files from one computer to another.

Secure Shell uses a client-server model: an SSH server (sshd) listens for connections and SSH clients connect to it. The OpenSSH suite includes the ssh client, scp and sftp for file transfer, and helpers such as ssh-keygen and ssh-agent; the older slogin name was simply an alias for ssh. To authenticate the remote computer, SSH uses public-key cryptography: the server presents its host key, and the client verifies it against the keys it has previously recorded (its known_hosts list).

SSH protocol functions at a glance

  • Providing secure access for the users.
  • Interactive and automated transfers of files and data.
  • Managing the network infrastructure and other system components.

Given the functions listed above, administrators must take SSH security seriously. Most open source infrastructure relies on the SSH service, and it has replaced older remote shells such as rsh and telnet because it is easy to install and maintain and encrypts the whole session. At the same time, an SSH server that is left with insecure defaults or carelessly configured (password logins for every account, root login allowed, weak keys) is an easy target for attackers.

How Secure Shell works

SSH runs as a daemon (sshd) on UNIX/Linux servers. To connect, the user runs an SSH client. By default the server listens on TCP port 22. SSH ensures data confidentiality and integrity by using cryptography both to authenticate client and server and to protect the data transferred.

Three basic steps in this communication process are:

  1. Client-server handshake
  2. Authentication
  3. Secure data exchange

During the handshake, both sides announce their SSH protocol version and negotiate the key exchange, cipher, MAC and compression algorithms; the client then checks the server's host key and a shared session key is derived. To access the SSH server, the administrator must then authenticate, typically with a password or a private key. If that single credential falls into the wrong hands, anyone holding it can log in, because the server has no other way to tell the legitimate user from an attacker. Adding an extra layer that does not depend on that one secret is therefore a must for system administrators, and Two Factor Authentication is the standard way to provide it.

What exactly is this solution, and how does it work?

Two Factor Authentication, or simply 2FA, is a security method that adds a further layer of protection to the normal login procedure to verify the identity of the user who is logging in. The process requires two different factors, for example a password and a verification code, before the user is accepted as authentic. The second factor, the verification code, is generated on or delivered to a device the user has registered (a phone running an authenticator app, an SMS-capable phone, or a key fob) and is valid only for a short window, typically 30 seconds for time-based codes. Without both factors, no user can complete the login. Because the two factors are different and independent, this method is also commonly called Two Step Verification.

Possible factors for authentication

Something the user knows (the knowledge factors) – password, PIN, answer to a security question. The username identifies the account but is not secret, so it is not a factor.

Something the user has (the possession factors) – a physical device that generates or receives the verification code, such as a phone running an authenticator app, a key fob, or a hardware security key.

Something the user is (the inherence factors) – biometric characteristics such as iris, retina, face scan, voice recognition, fingerprint.

Time and location factors – geolocation, time of day, or the network the request arrives from, used as additional context.

In simple terms, 2FA (Two Factor Authentication) = ‘something you know’ + ‘something you have’ or ‘something you are’. Two credentials of the same kind (two passwords, say) do not count, because they are stolen in the same way.

Systems with more demanding security requirements also use time and location factors as additional context when verifying a user.

Additional tips for greater SSH security

Below are some additional steps that help provide greater SSH security:

Use different port than 22

Moving sshd from port 22 to a non-standard port (the original text suggests 227; any unused port works) does not stop a targeted attacker, who will find the service with a port scan, but it sharply reduces the volume of automated brute-force attempts and log noise aimed at port 22 by default. Treat it as a convenience rather than a control, and combine it with the measures below.

Use SSH protocol version 2

SSH protocol version 1 has known cryptographic weaknesses, including a CRC-32 integrity check that allows insertion attacks, so only version 2 should be enabled. Modern OpenSSH releases have removed protocol 1 support from the server entirely (and the Protocol directive is now ignored), so this is mainly a concern on old or embedded systems.

Disable Root login

Direct root logins are highly insecure: the account name is known to every attacker, so only the password or key stands between them and full control, and a successful login cannot be attributed to a person. Set PermitRootLogin no in sshd_config, require administrators to log in as a named, unprivileged user, and escalate with sudo.

Enable/activate Port Knocking

Port knocking keeps the SSH port closed until a remote host sends connection attempts to a pre-defined sequence of ports; only then does the firewall open the SSH port for that source address. Like a non-standard port, it hides the service from casual scanning, but it is not a substitute for strong authentication, since the knock sequence can be observed on the network.

Limit users’ SSH access

By default, every account on the system that has a valid shell and a password or authorized key can log in via SSH, and once logged in it holds whatever privileges that account has on the host. It is therefore better to restrict which accounts may use SSH at all, for example with the AllowUsers or AllowGroups directives in sshd_config, so that service accounts and ordinary users cannot serve as a foothold.

Disable empty passwords

Explicitly disallow remote login to accounts with empty passwords (PermitEmptyPasswords no in sshd_config); otherwise a locked or freshly created account can become an open door.

Use strong passwords and passphrase

Strong user passwords, and a strong passphrase protecting each private key file, are very important for SSH security. Weak passwords are easily recovered by brute-force and dictionary attacks, and an unprotected private key is usable by anyone who copies the file.

Use public key authentication

Enabling public key authentication and disabling password logins takes brute-force and dictionary attacks off the table: the client proves possession of a private key by signing a challenge from the server, and the private key itself never leaves the client. The original text recommends DSA keys, but DSA is now deprecated (OpenSSH has disabled ssh-dss host and user keys by default since version 7.0); use Ed25519, or RSA with at least a 3072-bit modulus, instead.
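To check whether a server actually applies the tips above, the following added example (written for this article; not an OpenSSH tool) parses an sshd_config text and reports the weak settings discussed, alongside the hardened configuration the tips lead to, including the directives that enforce a second factor through PAM. Both configuration samples are constructed, and the finding identifiers and severities are this example's own.

```python
"""Audit an sshd_config text for the hardening points discussed above.
Added example for this article, not part of OpenSSH; sample configs are constructed."""
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (id, severity, message): this example's own scheme

# Constructed sample: the insecure settings the article warns about.
WEAK_SSHD_CONFIG = """\
Port 22
Protocol 1,2
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
PubkeyAuthentication yes
"""

# Constructed sample: the same server after applying the article's tips, with a
# TOTP second factor delivered through PAM (e.g. pam_google_authenticator).
HARDENED_SSHD_CONFIG = """\
Port 2222
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication no
PubkeyAuthentication yes
UsePAM yes
KbdInteractiveAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
AllowGroups sshusers
MaxAuthTries 3
Match User deploy
    AuthenticationMethods publickey
"""


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Global directives only: parsing stops at the first Match block, whose
    settings are conditional. sshd honours the FIRST value of a repeated
    keyword, so duplicates are ignored rather than overwritten."""
    directives: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        if key == "match":
            break
        directives.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return directives


def audit_sshd_config(text: str) -> List[Finding]:
    """Return the weak settings found; an empty list means all checks passed."""
    cfg = parse_sshd_config(text)

    def get(key: str, default: str = "") -> str:
        return cfg.get(key, default).lower()

    findings: List[Finding] = []
    if "1" in get("protocol").split(","):
        findings.append(("protocol1", "high", "SSH protocol 1 enabled; allow version 2 only"))
    if get("permitrootlogin", "prohibit-password") == "yes":
        findings.append(("root-login", "high", "PermitRootLogin yes; set no and escalate with sudo"))
    if get("permitemptypasswords", "no") == "yes":
        findings.append(("empty-passwords", "high", "PermitEmptyPasswords yes"))
    if get("passwordauthentication", "yes") == "yes":  # sshd default is yes
        findings.append(("password-auth", "medium", "password logins allowed; prefer keys plus a second factor"))
    if get("port", "22") == "22":
        findings.append(("default-port", "info", "listening on 22; expect automated brute-force noise"))
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append(("no-allow-list", "medium", "every account may attempt SSH; set AllowUsers/AllowGroups"))

    # Second factor: AuthenticationMethods lists alternatives separated by spaces;
    # each alternative is a comma-separated chain that must ALL succeed.
    methods = get("authenticationmethods")
    alternatives = methods.split() if methods and methods != "any" else []
    if not alternatives or any(len(alt.split(",")) < 2 for alt in alternatives):
        findings.append(("no-2fa", "high", "AuthenticationMethods does not require two factors"))
    elif any("keyboard-interactive" in alt for alt in alternatives):
        # PAM-based codes arrive over keyboard-interactive, which needs these two
        # switches (older OpenSSH spelled the first ChallengeResponseAuthentication).
        kbd = get("kbdinteractiveauthentication", get("challengeresponseauthentication", "yes"))
        if kbd != "yes" or get("usepam", "no") != "yes":
            findings.append(("2fa-plumbing", "high",
                             "keyboard-interactive required but KbdInteractiveAuthentication/UsePAM not enabled"))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(f"== {name} ==")
        for fid, severity, message in audit_sshd_config(sample) or [("ok", "info", "no findings")]:
            print(f"[{severity}] {fid}: {message}")
```

The Match block in the hardened sample shows why the audit stops at Match: the deploy account is deliberately exempted from the second factor (for automation with a dedicated key), and such exceptions should be reviewed one by one rather than lumped in with the global policy.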

SSH is one of the widely-used network services on all UNIX/Linux and BSD servers. It is not only a powerful tool for connecting and controlling servers, but also provides a secure server remote access.

With Two Factor Authentication, the SSH security level rises because the administrator needs a verification code in addition to the password or key to prove their identity and gain access to a computer remotely over an insecure network. If an attacker obtains the first factor, the password or key, through brute force or any other method, they still need the second factor to complete the login. In this way, Two Factor Authentication hardens SSH security.