 * '''Launchpad Entry''': UbuntuSpec:DedicatedLTSPSSH (this spec does not seem to exist in launchpad)
 * '''Created''': <>
 * '''Contributors''':
 * '''Packages affected''':
 * '''See also''':

== Summary ==

In order to improve securability of ssh, Edubuntu by default should set up two sshd instances, one dedicated to LTSP and one standard instance for other access. These instances might either bind to different tcp ports (eg 22 & 10022) or different IPs -- the latter requiring the server to have two ip addresses. The standard sshd could be disabled by default or have restricted access.

== Rationale ==

Random ssh dictionary attacks are very common on the net. If the existing ssh setup is exposed to the net (eg for remote admin), all of the accounts are exposed to this. Accounts with weak passwords are at risk of being compromised. The risk of directed attacks (eg a student compromising a teacher's account) is also heightened.

Currently the only protection is use of TCP wrappers. All users must be accepted with simple password authentication for ltsp logins to work.

With a second sshd instance, ssh facilities like AllowUsers, AllowGroups and unsetting PasswordAuthentication can be used (even by default) to restrict remote ssh access.

== Use Cases ==

 * A school with a consultant, parent, etc. administering their server remotely discovers that he is (along with the rest of the net) getting frequent ssh brute force attacks.
 * A school who does not have their net access firewalled.
 * A school with low spec thin clients might wish to allow ltsp over an unencrypted ssh session, see. This probably should not be possible on an internet connected ssh.

== Scope ==

This feature should, I think, be part of LTSP. As such it might be useful in Ubuntu more generally.

== Design ==

==== Server ====

 * The server runs a second sshd instance off the existing ssh binary.
 * This is bound either to a different IP or a different TCP port.
==== Client ====

 * The client (ldm) needs to connect to the server on port XXX instead of port 22.

== Implementation ==

 * A second ssh service must be created with its own init script, sshd_config and pid file.
 * These files would be included in the ltsp-server package.
  * /etc/ltsp/ltsp-sshd_config
  * /etc/default/ltsp-ssh
  * /etc/init.d/ltsp-ssh
  * /var/run/ltsp-ssh
 * ltsp-sshd_config is a copy of the usual sshd_config except that either the "Port 22" line must be changed or a ListenAddress must be added.
  * In the latter case a ListenAddress must also be added to the standard sshd_config.
 * Also the following line is added:
  * PidFile /var/run/ltsp-sshd.pid
 * /etc/default/ltsp-ssh contains the line:
  * SSHD_OPTS="-f /etc/ltsp/ltsp-sshd_config"
 * /opt/ltsp/i386/usr/sbin/ldm is changed to add the port number to ssh_opts
 * If possible, the standard sshd is either
  * disabled by default
  * restricted to the admin group by default
 * If possible, ltsp-sshd should be restricted to local network access only using
  * AllowUsers *@192.168.0.0/24 (or whatever the local net is)
  * tcpwrappers?
  * iptables?

== Outstanding Issues ==

== BoF agenda and discussion ==

----
CategorySpec CategoryEdubuntuSpec
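The Implementation steps above, sketched as an added example that is not part of the spec or of the ltsp-server package: it derives ltsp-sshd_config from a stock sshd_config and writes the defaults file. The function names and the temporary paths are hypothetical; port 10022 and 192.168.0.0/24 are the example values used in this spec, and the input file is a constructed sample.

```shell
#!/bin/sh
# Added example. Function names and arguments are hypothetical.

# Write the dedicated config: our directives first, then the stock config
# minus its own Port/PidFile/AllowUsers lines. Port lines are cumulative in
# sshd, so a leftover "Port 22" would make the LTSP instance listen there too.
# Emitting our lines first also keeps them out of any trailing Match block.
make_ltsp_sshd_config() {
    src=$1; dst=$2; port=$3; localnet=$4
    {
        echo "Port $port"
        echo "PidFile /var/run/ltsp-sshd.pid"
        echo "AllowUsers *@$localnet"
        awk 'tolower($1) !~ /^(port|pidfile|allowusers)(=.*)?$/' "$src"
    } > "$dst"
}

# Write the defaults file that points the second init script at that config.
make_ltsp_ssh_default() {
    printf 'SSHD_OPTS="-f %s"\n' "$1" > "$2"
}

# List the ports a config would bind, to confirm the two instances differ.
listen_ports() {
    awk 'tolower($1) == "port" { printf "%s%s", sep, $2; sep = " " }' "$1"
}

# Constructed sample standing in for /etc/ssh/sshd_config.
tmp=$(mktemp -d)
cat > "$tmp/sshd_config" <<'EOF'
# Package generated configuration file
Port 22
UsePAM yes
PermitRootLogin no
# LTSP logins need password authentication, so the copy keeps this line.
PasswordAuthentication yes
EOF

make_ltsp_sshd_config "$tmp/sshd_config" "$tmp/ltsp-sshd_config" 10022 192.168.0.0/24
make_ltsp_ssh_default /etc/ltsp/ltsp-sshd_config "$tmp/ltsp-ssh"
echo "standard sshd ports: $(listen_ports "$tmp/sshd_config")"
echo "LTSP sshd ports:     $(listen_ports "$tmp/ltsp-sshd_config")"
cat "$tmp/ltsp-sshd_config" "$tmp/ltsp-ssh"
```

On a real server the generated file can be checked with `sshd -t -f <file>` before the second instance is started.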