ComputerSecurityStudent (CSS)

(Ubuntu: Lesson 8)

{ Installing and Securing openssh-server (a.k.a., sshd) }

Section 0. Background Information
  1. What is SSHD
    • sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these programs replace rlogin(1) and rsh(1), and provide secure encrypted communications between two untrusted hosts over an insecure network.
  2. What is apt-get, dpkg and update-rc.d
    • apt-get: APT is an acronym for Advanced Package Tool. It supports installing packages over the internet (ftp or http).
    • dpkg: Debian packaging tool which can be used to install, query, and uninstall packages.
    • update-rc.d: The update-rc.d command is used to create startup, enable, kill, and remove scripts for services listed in the /etc/init.d directory.

  3. Prerequisite
  4. Lab Notes
    • In this lab we will do the following:
      1. We will update the apt-get package list.
      2. We will use dpkg to search the package list for openssh-server.
      3. We will use apt-get to install openssh-server.
      4. We will secure SSHD using the /etc/ssh/sshd_config file.
      5. We will use update-rc.d to create runlevel startup and kill scripts.

  5. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.


Section 1: Start Ubuntu 12.04
  1. Start Ubuntu 12.04
    • Instructions
      1. For Windows 7
        • Start --> All Programs --> VMware Player
      2. For Windows XP
        • Start --> Programs --> VMware Player


  2. Verify Virtual Machine Settings.
    • Instructions
      1. Click on Ubuntu 12.04
      2. Click on Edit virtual machine settings


  3. Configure Network Adapter
    • Instructions
      1. Click on Network Adapter
      2. Click on the Bridged Radio Button
      3. Click on the Close Button


  4. Start the Ubuntu 12.04 VM
    • Instructions
      1. Click on Ubuntu 12.04
      2. Click on Play virtual machine


Section 2: Login to Ubuntu
  1. Change to Gnome Classic
    • Instructions:
      1. Click on the Circle


  2. Select Gnome Classic
    • Instructions:
      1. Double Click on GNOME Classic


  3. Login to Server
    • Instructions
      1. User: Student
      2. Password: Please supply the student password.


Section 3: Become Root and Verify Network Connection
  1. Start up a Terminal
    • Instructions
      1. Click on the Terminal


  2. Become Root
    • Instructions
      1. sudo su -
      2. Supply the student password.


  3. Verify you have a network connection
    • Instructions
      1. ifconfig -a
        • eth0 is the name of my interface.
        • is my network IP address.
    • Notes(FYI)
      • If you do not have a DHCP IP Address try the following:
        • dhclient
          • OR
        • /etc/init.d/networking restart


Section 3: Update apt-get's package index
  1. Update apt-get's package index
    • Instructions
      1. apt-get update
    • Notes(FYI)
      • update is used to resynchronize the package index files from their sources, i.e., the "update" flag updates apt-get's local database with the Debian server's pkglist files. The indexes of available packages are fetched from the location(s) specified in /etc/apt/sources.list.


Section 4: Search for openssh-server
  1. Search for openssh-server
    • Instructions
      1. apt-cache search openssh-server
    • Notes(FYI)
      • apt-cache is a command to manipulate and obtain information from the Ubuntu packages.


Section 5: Install openssh-server
  1. Install openssh-server
    • Instructions
      1. apt-get install openssh-server
      2. Do you want to continue? Y


  2. Verify that openssh-server is installed and is running
    • Instructions
      1. ps -eaf | grep -v grep | grep sshd
        • ps -eaf, show all processes.
        • grep -v grep, filter out the grep process.
        • grep sshd, show only the sshd process.
      2. pgrep -l sshd
        • pgrep, is a command that combines both the "ps" and the "grep" commands.


Section 6: Startup Script for openssh-server
  1. Startup Script for openssh-server
    • Instructions
      1. ls -l /etc/init.d/ssh
    • Notes(FYI)
      • As part of the openssh-server installation, the ssh startup script is placed in /etc/init.d/ssh.


  2. Stopping and Starting SSHD with /etc/init.d/ssh
    • Instructions
      1. cd /etc/init.d
      2. ./ssh stop
      3. ps -eaf | grep -v grep | grep sshd
        • Notice, that no lines are returned, because sshd is not running.
      4. ./ssh start
      5. ps -eaf | grep -v grep | grep sshd
        • Now one line is returned, because sshd is running.


  3. Stopping and Starting SSHD with the "service" command
    • Instructions
      1. service ssh status
        • Notice, if ssh is running, a process number is displayed, called the PID (process ID).
        • In my case, the PID is 4221.
      2. ps -eaf | grep -v grep | grep 4221
        • Replace 4221 with your ssh PID.
      3. service ssh stop
        • This command will stop the ssh daemon.
      4. ps -eaf | grep -v grep | grep sshd
        • Notice, no processes are displayed for sshd, because we stopped sshd in the above command.
      5. service ssh start
        • Since we restarted sshd, it has a new PID of 4280 in my case.
      6. ps -eaf | grep -v grep | egrep '(sshd|4280)'
        • ps -eaf, display all processes.
        • grep -v grep, filter out the grep command.
        • egrep '(sshd|4280)', search for any process containing the string sshd or 4280.  Remember, 4280 is my PID; replace 4280 with your PID.


Section 7: Securing openssh-server
  1. Backup the /etc/ssh/sshd_config file
    • Instructions
      1. cp /etc/ssh/sshd_config /etc/ssh/sshd_config.BKP
      2. ls -l /etc/ssh/sshd_config*


  2. Open the /etc/ssh/sshd_config file
    • Instructions
      1. vi /etc/ssh/sshd_config
    • Notes(FYI)
      • The sshd_config file is the openssh-server configuration file.


  3. Search for PermitRootLogin
    • Instructions
      1. Press the "/" key
        • This will put the VI editor into search mode.
      2. Type "PermitRootLogin"
      3. Press the <Enter> key


  4. Edit PermitRootLogin Directive
    • Instructions
      1. Right arrow over until the cursor is on the "y" in yes.
      2. Type "cw"
        • cw, means change word.
      3. Type "no"
        • By replacing "yes" with "no", we are not allowing the root user to login via ssh directly as root.
      4. Press the <Esc> key


  5. Search for PermitEmptyPasswords
    • Instructions
      1. Press the "/" key
        • This will put the VI editor into search mode.
      2. Type "PermitEmptyPasswords"
      3. Press the <Enter> key


  6. Verify PermitEmptyPasswords is set to no
    • Instructions
      1. By default PermitEmptyPasswords is set to "no".
      2. If PermitEmptyPasswords is set to "yes" for some unknown remarkable stupid reason, please set it to "no".


  7. Save the /etc/ssh/sshd_config file
    • Instructions
      1. Press the <Esc> key
      2. Type ":wq!"
      3. Press <Enter>


  8. Restart openssh-server
    • Instructions
      1. service ssh restart
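
The Section 7 edits can also be applied and checked without vi. The script below is an added example, not part of the original lab; the function names and the sample file are constructed for illustration. It relies on sshd using the first value it reads for a keyword, which is why a stray earlier line can silently override a later "no".

```shell
#!/bin/sh
# Added example, not part of the original lab. Function names are illustrative.

# Print the effective global value of KEYWORD. sshd keeps the first value it
# reads for a keyword, keywords are case-insensitive, and lines after a
# "Match" line apply only conditionally, so stop there.
effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Put "KEYWORD VALUE" on the first line and drop older uncommented global
# copies, so the new value is the one sshd reads first.
set_directive() {  # usage: set_directive FILE KEYWORD VALUE
    _new="$1.new.$$"
    awk -v key="$2" -v val="$3" '
        BEGIN { print key " " val }
        tolower($1) == "match" { in_match = 1 }
        !in_match && tolower($1) == tolower(key) { next }
        { print }
    ' "$1" > "$_new" && cat "$_new" > "$1" && rm -f "$_new"
}

# Apply the two Section 7 settings, keeping the lab's .BKP backup name.
harden_sshd_config() {  # usage: harden_sshd_config FILE
    [ -f "$1.BKP" ] || cp -p "$1" "$1.BKP"
    set_directive "$1" PermitRootLogin no
    set_directive "$1" PermitEmptyPasswords no
}

# Demo on a constructed sample file (not the real /etc/ssh/sshd_config).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
PermitEmptyPasswords yes
EOF
echo "before: $(effective_value "$sample" PermitRootLogin)"
harden_sshd_config "$sample"
echo "after:  $(effective_value "$sample" PermitRootLogin)"
rm -f "$sample" "$sample.BKP"

# On the lab VM, as root, validate the file before restarting:
#   harden_sshd_config /etc/ssh/sshd_config && /usr/sbin/sshd -t && service ssh restart
```

Running sshd -t before the restart catches a syntax error while the old daemon is still accepting connections.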


Section 8: Create startup and kill scripts for openssh-server
  1. Create startup and kill scripts for openssh-server
    • Instructions
      1. update-rc.d ssh defaults
    • Notes(FYI)
      • The update-rc.d command is used to create startup, enable, kill, and remove scripts for services listed in the /etc/init.d.
      • If defaults is used then update-rc.d will make links to start the service in runlevels 2345 and to stop the service in runlevels 016. By default all the links will have sequence number 20.


  2. Verify startup and kill script was created
    • Instructions
      1. find /etc/rc*.d/* -print | xargs ls -l | grep ssh
        • find /etc/rc*.d/* -print, list all the files in /etc/rc*.d/*
        • xargs ls -l, use the xargs command to produce a long listing of each file that find displays.
        • grep ssh, only display files containing ssh.


Section 9: Proof of Lab
  1. Proof of Lab
    • Instructions
      1. grep -v "#" /etc/ssh/sshd_config | grep Permit
      2. ps -eaf | grep -v grep | grep sshd
      3. date
      4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press both the <Ctrl> and <Alt> keys at the same time.
      2. Do a <PrtScn>
      3. Paste into a word document
      4. Upload to Moodle

