Harden SSH Security with Two Factor Authentication

Before starting with the topic ‘SSH security’, have a look at a few statistics that show why you need the Two Factor Authentication (2FA) security method:

80% of security breaches could be prevented with Two Factor Authentication.

90% of IT departments plan to implement Two Factor Authentication for access to cloud applications to overcome mobility’s security challenges.

86% of people who use Two Factor Authentication security method feel their digital assets are more secure.

34% of companies do not have a crisis response plan for a data breach or cyberattack event.

In 93% of breaches, the attackers take less than a minute to compromise systems.

With malicious activity on the Internet increasing rapidly, SSH security has become a big challenge for system administrators. SSH, also referred to as Secure Socket Shell or Secure Shell, is a cryptographic network protocol that gives system administrators a secure way to access a computer remotely over an unsecured channel, the Internet. Secure Shell, as its name suggests, provides strong authentication between two computers connecting over a network. It transfers data in encrypted form and ensures highly secure, encrypted data communication between the two computers. Network administrators worldwide use SSH for several reasons: managing systems and applications remotely, logging in to another computer over an insecure network, executing commands, and moving files from one computer to another.

Secure Shell uses the client-server model with an SSH server. The SSH suite comprises three utilities, namely slogin, ssh and scp. To authenticate the remote computer, SSH uses public-key cryptography.

SSH protocol functions at a glance

  • Providing secure access for the users.
  • Interactive and automated transfers of files and data.
  • Managing the network infrastructure and other system components.

Given the functions listed above, network administrators must take SSH security seriously. Open source infrastructure setups use the SSH service. SSH has replaced many remote shells thanks to its ease of installation and maintenance and several other features. Secure Shell becomes highly vulnerable to cyberattacks if system administrators do not take sufficient care during installation and configuration.

How does Secure Socket Shell work?

SSH (Secure Shell) runs as a daemon on UNIX/Linux servers. To connect to the server, the client uses an SSH client utility. By default, SSH communicates over port 22. SSH ensures data confidentiality and integrity by using cryptography both to authenticate the client and server and to transfer data.

Three basic steps in this communication process are:

  1. Client-server handshake
  2. Authentication
  3. Secure data exchange

During the handshake phase, both sides exchange information about the SSH protocol version, cipher algorithms and compression algorithms. To access the SSH server, the admin requires a key, or you can say the password. If this key falls into the wrong hands, any unauthorized user can easily gain access. Therefore, adding an extra layer to improve SSH security is a must for system administrators. Two Factor Authentication is the best solution to this issue.

What exactly is this solution, and how does it work?

Two Factor Authentication, or simply 2FA, is a security method that adds an additional layer of protection to the normal login procedure to verify the identity of the user who is logging in to the account. This security process requires two different factors, a password and a verification code, to verify whether the user is authentic. The second factor, i.e. the verification code, is sent to the user’s registered device (a mobile or a key fob) and is valid only for a few seconds. Without the combination of both factors, no user can gain access. This security method is also known as Two Step Verification because it uses two different and independent factors.

Possible factors for authentication

Something the user knows (the knowledge factors) – username, password, PIN.

Something the user has (the possession factors) – physical device to receive the verification code as a second factor.

Something the user is (the inherence factors) – biometric characteristics such as iris, retina, face scan, voice recognition, fingerprint.

Time and Location factors – geolocation.

In simple terms, 2FA (Two Factor Authentication) = ‘something you know’ + ‘something you have’ or ‘something you are’.

Systems with more demanding security requirements use Time and Location factors to authenticate or verify the user.

Additional tips for greater SSH security

Below are some additional steps that help provide greater SSH security:

Use a port other than 22

Instead of port 22, you can use port 227 for better protection against brute force attacks and several other security breaches.

Use SSH protocol version 2

SSH protocol version 2 is considered the best choice for top-level security against Man-in-the-Middle attacks and plenty of other vulnerabilities.

Disable Root login

Direct root logins seem highly insecure. The best way to protect against them is to require a primary user to log in via SSH.

Enable/activate Port Knocking

Port Knocking is a security technique that relies on knocking on pre-defined ports on the SSH server before a remote host is allowed to establish an SSH connection.

Limit users’ SSH access

By default, every system user can log in via SSH using a public key or a password. These users have full privileges to access system tools, network ports and many other things. Therefore, it is better for system administrators to limit users’ SSH access to ensure a high level of SSH security.

Disable empty passwords

To improve SSH security, system administrators need to explicitly disallow remote login from accounts that have empty passwords.

Use strong passwords and passphrases

Using strong user passwords and passphrases is very important for SSH security. Weak passwords can be easily compromised using brute force and dictionary attacks.

Using DSA public key authentication

Enabling DSA (Digital Signature Algorithm) public key authentication makes the SSH server bulletproof against brute force and dictionary attacks. This is because system administrators need only a digital signature to log in to the SSH service successfully.

SSH is one of the widely used network services on all UNIX/Linux and BSD servers. It is not only a powerful tool for connecting to and controlling servers, but also provides secure remote access to them.

With Two Factor Authentication, the SSH security level becomes high because the admin requires a verification code along with the key to prove his identity and gain access to a computer remotely and securely over an insecure network. If an attacker obtains the first factor, i.e. the password, through brute force or any other method, he still needs the second factor to complete the login process. In this way, the Two Factor Authentication process hardens SSH security.
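
The tips above and the two-factor requirement can be checked mechanically. The following added example (not code from the original article) audits the text of an sshd_config file; it assumes the verification code is collected through OpenSSH's keyboard-interactive method, and the user name admin and both sample configurations are constructed.

```python
import re

def parse_global(text):
    """Map keyword -> list of values for directives before any Match block."""
    seen = {}
    for raw in text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", raw.strip())
        if not m:
            continue  # blank line, comment, or keyword without a value
        if m.group(1).lower() == "match":
            break
        seen.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return seen

def audit(text):
    """Return one finding per tip the configuration does not follow."""
    cfg = parse_global(text)

    # sshd keeps the first value it reads for a keyword; Port lines accumulate.
    # Defaults for absent keywords are assumed to be current OpenSSH defaults.
    def first(key, default=""):
        return cfg.get(key, [default])[0].lower()

    # Each space-separated AuthenticationMethods list is an alternative; two
    # factors are enforced only if every alternative names two methods.
    alts = first("authenticationmethods", "any").split()
    checks = [
        ("22" in cfg.get("port", ["22"]), "port: default port 22 in use"),
        ("1" in first("protocol").split(","), "protocol: version 1 enabled"),
        (first("permitrootlogin", "prohibit-password") != "no",
         "root: root login not disabled"),
        (first("permitemptypasswords") == "yes", "empty: empty passwords allowed"),
        (not (cfg.get("allowusers") or cfg.get("allowgroups")),
         "users: no AllowUsers/AllowGroups limit"),
        (not all(len(a.split(",")) >= 2 for a in alts),
         "2fa: one authentication method is enough to log in"),
    ]
    return [msg for failed, msg in checks if failed]

# Constructed samples; the user name "admin" is hypothetical.
WEAK = """Port 22
Protocol 2,1
PermitRootLogin yes
PermitEmptyPasswords yes
"""
HARDENED = """Port 227
PermitRootLogin no
PermitEmptyPasswords no
AllowUsers admin
AuthenticationMethods publickey,keyboard-interactive
"""
```

Calling audit(WEAK) reports all six findings and audit(HARDENED) reports none; adding a second alternative such as a bare password to AuthenticationMethods brings the 2fa finding back, because any one listed alternative is enough to log in.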

Two Factor Authentication: Best for the Online Security

The online identity of authentic end users is at risk of being compromised by hackers at any time. This is because end users protect their online identity with a single set of login credentials, i.e. a username and password combination. The password is no longer a secure method, as online attackers can easily hack it using the advanced hacking techniques available today. This shows that online identity security is becoming a big challenge. End users simplify the hacking process by using the same username and password combination everywhere, making it easier for fraudsters to gain access to their valuable online accounts with a single hack. There is a need for an additional security layer, or user authentication step, in the login process to bring online security to its best level. One method that improves security and ensures no hacking of digital assets is Two Factor Authentication.

What exactly is this method?

Two Factor Authentication, or simply 2FA, is a method that adds an extra security layer, or authentication factor, to the normal login procedure to verify the identity of the user who is logging in to the account. In other words, this security method requires two different factors, a password and a verification code, to check whether the user is authentic, and grants him access based on the two sets of login credentials he enters. The second factor, i.e. the verification code, is sent to the user’s registered mobile or other physical device and is valid only for a few seconds. Because at least two authentication factors are needed to complete the login process, this security method is also known as Two Step Verification.

Possible factors of authentication

The knowledge factors (something you know) – username, email, password, PIN, a secret question & answer.

The possession factors (something you have) – credit/debit card, mobile or any other physical device.

The inherence factors (something you are) – biometric characteristics of the user such as iris, retina, face scan, voice recognition, fingerprint.

Time and Location factors – geolocation.

The Two Factor Authentication (2FA) security method uses any two of the four possible authentication factors for verification.

Combining ‘something you know’ with ‘something you have’ or ‘something you are’ is significantly more secure, as it cannot easily be guessed or compromised by online attackers. In fact, Two Factor Authentication is a single solution to all sorts of online scams occurring over the Internet.

How does 2FA strengthen the security level?

Two Factor Authentication requires users to use ‘something they know’ and ‘something they have’ or ‘something they are’ to complete the login procedure. After the user enters a valid username and password combination, a verification code is immediately sent to the user’s registered mobile device via a text message. The user gets access to the service only after entering this verification code in less than a minute. If an unauthorized user hacks your password, he won’t be able to access your account, as he also needs to enter the second factor, i.e. the verification code. In this way, 2FA strengthens the online security level.

Adding this second layer of security is a must to keep hackers and intruders away from your valuable digital assets. 2FA emerges as the best solution for online security.

One common example of Two Factor Authentication in everyday life is cash withdrawal through an ATM. In this process, you require your credit/debit card (something you have) and a 4-digit PIN (something you know). Without the combination of both card and PIN, cash withdrawal is not possible even for an authentic user. If someone else steals your card, withdrawing cash still requires the secret PIN. This second factor prevents an unwanted transaction.

The Two Factor Authentication (2FA) security method minimizes the possibility of cyberattacks. This is because 2FA makes the login process more complex by requiring an extra factor along with the username and password combination.