Being a system administrator, it is one of our key responsibilities to manage & monitor the production & enterprise servers, upgrading their kernel, installing latest available software packages & patches and carrying out other server routine tasks on daily basis while accessing the servers remotely.
So there are actually 2 major protocols that are used to access the servers:
- Telnet
- SSH
Let’s discuss both one by one:
Telnet
- Telnet is the joint abbreviation of Telecommunications and Networks and it is a networking protocol best known for UNIX platform.
- Telnet uses the port 23 and it was designed specifically for local area networks.
- Telnet is not a secure communication protocol because it does not use any security mechanism and transfers the data over network/internet in a plain-text form including the passwords and so any one can sniff the packets to get that important information.
- There are no authentication policies & data encryption techniques used in telnet causing huge security threat that is why telnet is no longer used for accessing network devices and servers over public network.
- On a Linux system, telnet can be easily installed using yum:
The best use of telnet is to check the status of any specific service on a remote host. For example, if we want to check the status of Apache web service which runs on port 80 on our local server, it can be done as:
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
[root@pbx2 ~]#
Now we can see that the web service is stopped and telnet is unable to connect, so we have to restart the service on the server as:
Stopping httpd: [FAILED]
Starting httpd: [ OK]
Now checking again:
Trying ::1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
So the apache service is up now, similarly checking the status of SSH daemon on the server which runs on port 22:
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
^]
telnet> quit
Connection closed.
SSH
- SSH stands for Secure Shell and it is now only major protocol to access the network devices and servers over the internet.
- SSH runs on port 22 by default; however it can be easily changed.
- SSH is a very secure protocol because it shares and sends the information in encrypted form which provides confidentiality and security of the data over an un-secured network such as internet.
- Once the data for communication is encrypted using SSH, it is extremely difficult to decrypt and read that data, so our passwords also become secure to travel on a public network.
- SSH also uses a public key for the authentication of users accessing a server and it is a great practice providing us extreme security.
- SSH is mostly used in all popular operating systems like Unix, Solaris, Red-Hat Linux, CentOS, Ubuntu etc.
- We can change the SSH port of our server following the below way:
After opening the file, search for Port which should be commented by default like shown below:
Un-comment it and change the port like I’ve changed it to 10089
Save the file and quit and give a reset to the SSH daemon using the below command:
We can also disable the root access of the server making a little modification in the same file searching the below parameter:
Un-comment it and replace “yes” with “no”
Conclusion:
These are the very basic security tips for a Linux server, we will definitely discuss the important Linux Security Hardening tips in our upcoming article. The famous tools to access the servers via Telnet or SSH are Putty, MTPutty and Secure CRT. SSH is dominant so far, it is also used to access Cisco devices as well.