Web SSH Security

Experienced system administrators and SSH users are wise to consider the implications of an SSH relay service.

You need to understand the GotoSSH.com service and the implications of using it. To help, we have prepared an explanation of how the service works, the risks involved, and the steps that have been taken to minimize the risk and ensure security.

Method

GotoSSH.com uses secure encrypted connections end-to-end during your SSH session. When you open an SSH connection within GotoSSH.com, our server establishes a secure SSH connection to your server. Your web browser then communicates with our server using secure 128-bit SSL connections. Our server then acts as a relay for data travelling between your server and your web browser.

Risks

By making your servers available online, you have exposed your servers to potential exploitation. The SSH protocol is secure, but weaknesses in any publicly accessible service have a chance of being exposed.

Trusting a 3rd party with connections to your servers is also a risk. By being in the middle of your connection, a 3rd party could steal usernames and passwords, and could log the transmission of sensitive data. By using GotoSSH.com, we understand that you are trusting us to respect the privacy of your data. We will never view, log, or monitor data that is relayed through our servers.

Our system implementation and policies are geared toward minimizing the risks that are assumed by using this system.

Password Safety

We never store passwords or private keys to your servers. In the unlikely event that your GotoSSH.com account is compromised, no one will gain access to your servers. Each time you connect to one of your servers, you are required to enter both your own server's username and password, which are relayed directly to your server. And, in accordance with our logging policies, we do not log relayed traffic.

Data Logging

We never log any of the data that is relayed through our servers. No information originating on your servers, and no keypresses, are ever logged. If our servers are compromised, attackers will not gain access to your servers or your data, because we do not store it.

Active Sessions

During an SSH session on GotoSSH.com, we maintain an SSH connection to your server. Just as with any other SSH client, if you do not close your connection you are not practicing good security. Unclosed SSH connections will eventually time out and be closed by our system, but it is best to remember to "exit" any SSH session you have used.

Responsibility

While we have taken steps to keep you safe, ultimately, you are responsible for your data and should practice good security. We recommend some steps that you can take to protect your servers while keeping them SSH accessible:

  • Limit SSH connections to particular IP addresses. By using the GotoSSH.com service, you have the opportunity of reducing the potential of third-party break-in attempts. Simply restrict access from other IP addresses, while allowing the GotoSSH.com address (208.53.44.216).
  • Do not allow the root user to log in via SSH. By logging in using a regular user, a potential attacker needs to break through another level of security before gaining root access to your machines.
  • Set a timeout limit on your SSH sessions. By making sure your idle connections are closed in a timely manner, a passer-by will not be able to take advantage of a session you are finished with.
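
The three recommendations above can be checked against an OpenSSH `sshd_config`. The following is an added example, not GotoSSH.com code: it audits only the global section of the file, assumes the IP restriction is done with `AllowUsers` rather than a firewall, and uses constructed sample configs with a hypothetical `deploy` account.

```python
RELAY_IP = "208.53.44.216"  # GotoSSH.com address given on this page

def parse_global(text):
    """Return {keyword: [values]} for lines before the first Match block."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split()  # "Key=value" is also legal
        key, vals = parts[0].lower(), parts[1:]    # keywords are case-insensitive
        if key == "match":
            break  # conditional blocks are out of scope for this audit
        opts.setdefault(key, []).extend(vals)
    return opts

def audit(text, relay_ip=RELAY_IP):
    """Return sorted finding codes; an empty list means all three are met."""
    opts = parse_global(text)
    first = lambda k, d: (opts.get(k) or [d])[0].lower()  # first value wins
    findings = []
    # OpenSSH's default is prohibit-password, which still lets root in by key.
    if first("permitrootlogin", "prohibit-password") != "no":
        findings.append("root-login-allowed")
    # AllowUsers entries are USER@HOST patterns; each one must pin the relay.
    users = opts.get("allowusers", [])
    if not users or any(not u.endswith("@" + relay_ip) for u in users):
        findings.append("source-ip-unrestricted")
    # ClientAliveInterval drops unresponsive clients; ChannelTimeout
    # (OpenSSH 9.2+) closes channels that are idle. Accept either one.
    if first("clientaliveinterval", "0") == "0" and "channeltimeout" not in opts:
        findings.append("no-session-timeout")
    return sorted(findings)

# Constructed sample configs.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = """
PermitRootLogin no
AllowUsers deploy@208.53.44.216   # 'deploy' is a constructed account name
ClientAliveInterval 300
ClientAliveCountMax 2
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

`ClientAliveInterval` only disconnects clients that stop answering keepalives, so a responsive but idle session stays open unless `ChannelTimeout` or a shell-level timeout is also set.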

More Information

We do not cover configuration procedures for SSH servers. More information about the SSH protocol and security concerns is widely available on the World Wide Web.

Questions?

If you have any questions or concerns about the security of the system, please .
