Ssh secure or not?

Jamesbe12 · April 9, 2020, 7:03pm

Hi,

About ssh, on dd wrt the ssh option is disable by default cause it supposed to be not really safe but here it enable. I wonder why?

And , Ive configured my ssh putty + key authentification + passphrase.

Am i ok now, secure? And, Do i need to keep ssh disable in luci between my putty's session?
Thanks

jow · April 9, 2020, 7:05pm

SSH access should be more secure than LuCI access in any imaginable case.

Jamesbe12 · April 9, 2020, 7:20pm

Ok but you need to secure ssh protocol more than just your web interface password?

lleachii · April 9, 2020, 7:27pm

The passwords are the same
Web (without HTTPS) is plain text, so obviously SSH is more secure

Do you have a specific inquiry...like how to make a key for SSH instead of a password?

(It seems you've completed that, though)

I've never heard that. I've heard this about Telnet; but not SSH.

Did you use a secure password?

NortonLifeLock Password Generator

(but you said you used a key...I'm really lost at what makes you think the SSH protocol is insecure...but a HTTP web interface is secure???)

jow · April 9, 2020, 7:32pm

I think the default SSH configuration for OpenWrt is reasonable secure, at least for me personally it is secure enough to also expose it to the WAN.

Usually you do not need to take extra measures to protect your SSH access somehow except for choosing a good, strong password.

To further increase your SSH security you could switch to using keys instead of a password and disable SSH password login completely.

Jamesbe12 · April 9, 2020, 7:36pm

And the best is using ssh via ethernet cable to router I guess or even via wifi, no problem?

Thanks again

Jamesbe12 · April 9, 2020, 7:43pm

And if I disable the password login, it does not mean that I dont need a password anymore right?

Just to be sure .. for exemple, if I disable the ssh password login, I can't have access to a session in putty right? Dont know if I'm clear enough:-)

Borromini · April 9, 2020, 8:03pm

Can't PuTTY handle keys? If it cannot disabling password login won't allow you to use PuTTY. Personally, for WAN SSH connections I enforce keys.

lleachii · April 9, 2020, 10:53pm

Your WiFi security is another worry...so, is your WPA2 or greater AP secured with a good passphrase?

BTW, WiFi is disabled by default in OpenWrt; but please note the disabled settings are configured as Open. You must set this up as you desire (e.g. changing to your SSID from the default OpenWrt), do so securely and enable it yourself.

Regardless, SSH is encrypted...do you have an actual security concern in your inquires?

EDIT: Also, be careful making changes over WiFi that may cause you to loose connection to the router/AP.