SSH Hi-jacking

Hi all,
I have a question about SSH? Is SSH less vulnerable to FIN and RST attacks?

I don't believe it should be as SSH encrypts all data in the stream. If it is vulnerable to attacks, how do I defend against these attacks

 

Which SSH? If you are talking about the widely used OpenSSH from the developers of OpenBSD, then it is quite secure. I don't think any of the things you mentioned are applicable for OpenSSH security.

In order to secure OpenSSH, you will want to set PermitRootLogin to no, possible tweak the MaxAuthTries, turn PasswordAuthentication off and use only public and private keys. Also, change it so that the Protocol is only 2, not one.

Change the port if you want to in order to limit mere scripting attacks that search for all connections at port 22, but it doesn't offer any real security beyond that.

The most secure way is to go the key route and turn off passwordauthentication, but it is also quite a hassle.

If you are on *nix, to read up on the documentation, just type man sshd_config which will list all the different things you can configure, but to make things easier here are all the man pages needed:
ssh sshd ssh_config sshd_config

All of these options I described are located in the /etc/ssh/sshd_config file which you will need to edit as root or through sudo.

If this hasn't been very clear, I can write it out more clearly and more descriptively if needed.

Cheers,

Alphalutra1

 

Welcome to the forums Ashley_101,

If by "FIN and RST attacks" you mean disrupting existing connections (which is all that FIN/RST packets can do) then SSH can be affected as much as any application using the TCP protocol. However all these can do is a Denial of Service - they cannot be used to hijack a connection, intercept data or gain access to a system.