Logo

dev-resources.site

for different kinds of informations.

Segregation SSH Traffic

Published at
9/8/2024
Categories
ssh
traffic
segregation
cybersecurity
Author
sebos
Main Article
https://dev.to/sebos/segregation-ssh-traffic-1814
Categories
4 categories in total
ssh
open
traffic
open
segregation
open
cybersecurity
open
Author
5 person written this
sebos
open
Segregation SSH Traffic

Segregation SSH Traffic

Controlling access to SSH services is crucial for maintaining a secure environment, and the ability to search logs for troubleshooting and security concerns is just as critical.

Many tools, like Ansible, rsync, Terraform, and Docker, generate SSH traffic as part of their operations. Segregating this traffic by using different SSH ports for various services can simplify managing:

  • firewall rules,
  • monitoring,
  • and logging.

Let’s explore what it takes to move Ansible’s SSH traffic to a dedicated port, ensuring smoother and more secure operations.

SSH Match Statement

To segregate SSH traffic, we need to use conditional login rules in the SSH configuration file. The Match directive allows you to apply specific settings based on various conditions.

You can use the Match command to define settings based on:

  • Match User: The SSH user's username.
  • Match Group: The SSH user's group.
  • Match Address: The client’s IP address or subnet.
  • Match Host: The client’s hostname (resolved by DNS).
  • Match LocalAddress: The server's local IP address.
  • Match LocalPort: The port the SSH server is listening on.
  • Match RemoteAddress: The client’s remote IP address.
  • Match RemotePort: The client’s remote port.

In my case, I wanted to split the traffic, so regular SSH user traffic would be on port 22, while Ansible traffic would run on port 2222. To achieve this, I used the Match LocalPort directive.

Splitting the SSH Config File

To better manage and segregate SSH traffic, I split the SSH configuration into three parts:

  1. The main sshd_config file, which contains the common directives shared across both configurations (example provided below).
  2. A separate configuration for regular user traffic, containing additional directives specific to user connections.
  3. A dedicated configuration for Ansible traffic, also with its own set of directives.

One key difference between these configurations could be logging. For example, you might set low logging levels for Ansible to generate fewer log entries, while keeping high logging levels for user traffic to enable easier debugging in case of issues.

Splitting the SSH Config File

To better manage and segregate SSH traffic, I split the SSH configuration into three parts:

  1. The main sshd_config file, which contains the common directives shared across both configurations (example provided below).
  2. A separate configuration for regular user traffic, containing additional directives specific to user connections.
  3. A dedicated configuration for Ansible traffic, also with its own set of directives.

One key difference between these configurations could be logging. For example, you might set low logging levels for Ansible to generate fewer log entries, while keeping high logging levels for user traffic to enable easier debugging in case of issues.

Ansible Traffic

I moved the Ansible traffic to port 2222 using the Match LocalPort 2222 directive and configured it as follows:

  • Granted access only to specific ansible users connecting from the Ansible controller's IP address.
  • Set logging to capture errors only, reducing unnecessary log entries.
  • Decreased the time between keep-alive checks to ensure consistent connectivity.
  • Increased the number of concurrent SSH sessions that can be opened at once, optimizing Ansible's performance.

Next, we’ll take a look at how the configuration differs for regular users.

Traffic on Port 22

To handle the rest of the traffic, I configured a Match LocalPort 22 directive with the following settings:

  • Allowed connections only for the ssh-user group, which contains the list of users permitted to access via SSH.
  • Increased the time between keep-alive checks while reducing the number of unanswered keep-alives allowed.
  • Set the logging level to INFO for more detailed logging of user activity.
  • Limited the number of concurrent connections per user to enhance security.

By segregating SSH traffic using different ports and custom configurations, you can gain greater control over your server environment. Whether it's fine-tuning logging, managing connection limits, or tailoring firewall rules, this approach ensures that your critical tools like Ansible, alongside regular user traffic, run smoothly and securely. Taking the time to implement this type of SSH traffic management can improve both performance and security, while also simplifying troubleshooting and monitoring.

As you continue to scale your infrastructure, applying these strategies will help you maintain a more organized and secure system, tailored to meet your specific needs.

I’d love to hear how do you segregation SSH Traffic?

Below are the SSH config files

SSH Config File:Ansible Traffic (51-ansible_admin.conf)

Match LocalPort 2222


    ## Limit SSH Access to Specific Users
    AllowUsers [email protected]
    DenyGroups ssh-users

    ## Mitigate hanging or idle connections
    ClientAliveInterval 60
    ClientAliveCountMax 3

    ## Log Level
    LogLevel ERROR

    ## Limit Concurrent Sessions increased for Ansible
    MaxSessions 10
Enter fullscreen mode Exit fullscreen mode

SSH Config File:User Traffic (55-ssh-user.conf)

Match LocalPort 22


    ## Only users in the ssh-users group
    AllowGroups ssh-users

    # Mitigate hanging or idle connections
    ClientAliveInterval 300
    ClientAliveCountMax 0


    ## Log Level
    LogLevel INFO

    ## Limit Concurrent Sessions
    MaxSessions 10
Enter fullscreen mode Exit fullscreen mode

SSH Config File:sshd_config

## Strong SSH Key Algorithms
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512,hmac-sha2-256

PubkeyAcceptedKeyTypes [email protected],ssh-ed25519

## Disable ssh protocol 1
Protocol 2

Port 22
Port 2222

## Restrict Root
PermitRootLogin no

## Restrict Auth Key location
AuthorizedKeysFile /home/%u/.ssh/authorized_keys

## Disable Password Logins
PasswordAuthentication no
PermitEmptyPasswords no

## Disable Unused Authentication Methods
GSSAPIAuthentication no
ChallengeResponseAuthentication no

## Connection setting
MaxAuthTries 3
LoginGraceTime 30s


## Disable SSH Tunneling and Forwarding 
AllowAgentForwarding no
PermitTunnel no
X11Forwarding no

## Add Port base config
Include /etc/ssh/sshd_config.d/51-ansible_admin.conf
Include /etc/ssh/sshd_config.d/55-ssh-user.conf
Enter fullscreen mode Exit fullscreen mode
traffic Article's
30 articles in total
Favicon
How I Used Free SEO Tools to Make My Small Website Stand Out—And Saw a Huge Traffic Boost!
Favicon
How I Boosted My Website's Ranking with Free SEO Tools (No Tech Skills Needed!)
Favicon
How I Boosted My Blog Traffic Using Free SEO Strategies Even Big Companies Swear By
Favicon
Delhi’s Traffic Lights Need a Tech Glow-Up!
Favicon
Smart Transportation! GIS and 3D Scene Technology in Traffic Accident Analysis
Favicon
Segregation SSH Traffic
Favicon
DevHunt
Favicon
Listingbott
Favicon
Get Indexed Now with IndexRusher – The SEO Time-Saver
Favicon
What is IPVS?
Favicon
Unlocking Free Traffic: Strategies to Boost Visitors to Your Website
Favicon
Unlocking Free Traffic: Strategies to Boost Visitors to Your Website
Favicon
Unlocking the Code to High-Quality Traffic: A Revolutionary Approach
Favicon
API7 Enterprise's Canary Traffic Shifting Strategy for Precise Traffic Control
Favicon
How is Edge AI Transforming Urban Mobility with Real-Time Traffic Insights in Smart Cities?
Favicon
How to Increase Website Traffic
Favicon
Analyzing New York City Traffic Collisions with Perl One-Liners and Linux
Favicon
Use Our Traffic Management Courses to Handle Traffic Flow Successfully.
Favicon
4 Ways to Increase Traffic to your Website
Favicon
Boost Your Exposure with Getthit
Favicon
Need your feedback about: Which marketing channel did you focus on building Website traffic?
Favicon
SEO Tips that can help you get more traffic and customers
Favicon
Web Package
Favicon
AUTO Visitor
Favicon
13 Expert Tips To Drive Insane Traffic From Instagram To Website [Without Ads]
Favicon
How To Interlink Your Blog Articles To Help Seo And Increase Traffic
Favicon
We want traffic on sites, but don't want on our roads...
Favicon
How To Design a Perfect Website that a visitor Can not Forget🛡️
Favicon
Stellvertretend
Favicon
How to Add Traffic APIs to Your Location-Based App

Featured ones:

Favicon
Open
abubakersiddique761
Favicon
Open
0x3d_site
Favicon
Open
0x2e_tech
Favicon
Open
0x4c-quest
Favicon
Open
gittech