Hacker News

"Don't install what you don't need", but run Tor to connect to your servers via SSH. Huh?

Hardening SSH makes a lot of sense and this article provoked a lot of thought. But there's too much political rant and leaps of faith for my taste. I'd like to hear some hardening guidance with more fact, less vitriol.




I can't imagine running a Tor client on a production server and question its safety on my desktop (when I use it, I run up a disposable VM that gets wiped). So run software that connects you to the most hostile network out there and hope to god everything is secure on the client side of things?

This is the problem with trying to fight the NSA or some other over-inflated bogeyman. If you focus on weird edge cases you lose sight of practical security. I'd be more worried about opening myself to Tor than some theorized attack on SSH ciphers.

Unfortunately, it seems network security has become fairly political, and if you don't make jabs at the NSA, while of course ignoring other state actors, then you won't be put on HN and reddit, which always welcome politicized information at the cost of accuracy. I hope this hysteria is temporary and cooler heads will prevail and the Alex Jones listening crowd will stop holding the microphone.


> I'd be more worried about opening myself to Tor than some theorized attack on SSH ciphers.

Most of the attacks launched on Tor aren't in the "remote takeover of the Tor server via memory corruption" category; they have (in recent history) mostly been in the form of:

    * Attack firefox.exe in Tor Browser Bundle
    * Control a lot of nodes, do something networky to discover the user's actual IP/location

What is the threat you anticipate will result from "opening yourself to Tor"?


Yes, these are the attacks we know of, and the first one only because the FBI told us so. I suspect Tor is a lot more targeted and dangerous than people assume and using it casually to administer servers is asinine.


> the most hostile network out there

The internet?


heh. Your Faraday cage/hat might be leaking.


I don't think the Tor client itself is insecure. They're pretty serious over there.

However, it definitely increases the attack surface.


This is my concern. Massively enlarging my attack surface because "OMGZ NSA" is just bad advice. I don't think people who write these guides have a holistic picture of security or understand its best practices. We can't just keep tacking on services and questionable tricks because of feel good politics and faith in obscurity.

It reminds me of people who use things like SSH password lockouts. Why aren't you using keys or firewalling off to only IPs that need to connect? Or tacking on SSL here and there instead of using a proper VPN.

Security should lean towards simplicity and best practices, not towards a kitchen sink approach that might just make things worse for you via complexity and surface raising.


Completely agreed. Focus on what you know to be an exposure (i.e., publicly accessible ports) versus what you are guessing might be an exposure. To put it another way, fix what you know to be broken.


I can't believe nobody so far has mentioned the obvious answer: spiped[0].

[0] http://www.daemonology.net/blog/2012-08-30-protecting-sshd-u...


I almost fell out of my chair when I read this. Seems like there's a lot of, well, interesting advice mixed in with the good advice! :)



