security question

SCHISCHKA
Solved by SCHISCHKA:

the answer is pamusb https://wiki.debian.org/pamusb

I have a headless server. No keyboard or monitor or any physical human interface.

I want to turn off ssh & sshfs server when I'm not using it, and change some iptables rules, without having to type anything.

I could write a script that detects a USB drive with a signed key, which then executes a root user script.

What security considerations should I consider, other than the obvious physical loss of the USB key?

             ☼

ψ ︿_____︿_ψ_   


Make a vlan and make ssh accessible only from it. Also use key auth instead of password.

i want to die


10 hours ago, Lumi said:

Make a vlan and make ssh accessible only from it. Also use key auth instead of password.

I already have key auth. I could do vlan but I still want to stop the ssh and file servers.

3 hours ago, Brian Blankenship said:

You could use port knocking.

https://en.wikipedia.org/wiki/Port_knocking

There are linux packages out there for it, last I knew.

I'd rather have a physical key. There is no need to remotely activate ssh.


16 minutes ago, SCHISCHKA said:

I already have key auth. I could do vlan but I still want to stop the ssh and file servers.

I'd rather have a physical key. There is no need to remotely activate ssh.

What's the point if it's locked down to local network?


I'm really just having a hard time understanding what use this server has. If you shared what application you have for it, that'd help me think of ways to solve your problem.

Join the Appleitionist cause! See spoiler below for answers to common questions that shouldn't be common!

Spoiler

Q: Do I have a virus?!
A: If you didn't click a sketchy email, haven't left your computer physically open to attack, haven't downloaded anything sketchy/free, know that your software hasn't been exploited in a new hack, then the answer is: probably not.

 

Q: What email/VPN should I use?
A: Proton mail and VPN are the best for email and VPNs respectively. (They're free in a good way)

 

Q: How can I stay anonymous on the (deep/dark) webzz???....

A: By learning how to de-anonymize everyone else; if you can do that, then you know what to do for yourself.

 

Q: What Linux distro is best for x y z?

A: Lubuntu for things with little processing power, Ubuntu for normal PCs, and if you need to do anything else then it's best if you do the research yourself.

 

Q: Why is my Linux giving me x y z error?

A: Have you not googled it? Are you sure StackOverflow doesn't have an answer? Does the error tell you what's wrong? If the answer is no to all of those, message me.

 


46 minutes ago, LtStaffel said:

I'm really just having a hard time understanding what use this server has. If you shared what application you have for it, that'd help me think of ways to solve your problem.

I wouldn't call this a problem, more an idea. I will clarify the use case: I want a physical key to start & stop ssh server.


13 minutes ago, SCHISCHKA said:

I wouldn't call this a problem, more an idea. I will clarify the use case: I want a physical key to start & stop ssh server.

I mean, what is the server's use? What are you doing with the server? Computing? Storage?..??


4 minutes ago, LtStaffel said:

I mean, what is the server's use? What are you doing with the server? Computing? Storage?..??

It is a headless server that needs occasional ssh access, and I would prefer to not leave ssh running all the time.


 

A tiny 1$ microcontroller and a tiny UART / serial / i2c to USB chip, or a microcontroller with USB functionality programmed to show up to Linux/Windows as a serial port.

Write a script that every few seconds goes through all the serial ports, connects and sends some kind of code and waits for a reply. If your microcontroller responds correctly to the code, start ssh.

The script switches to monitoring that serial port. If disconnected or the serial port no longer exists (USB stick/device removed), kill the ssh server.

 

A more complicated option would be to write some software that would record 24/7 the line in or mic in of your sound card and when it receives a series of tones (think pin number where digits are 10 different tones), it starts ssh.  Different pin kills it.

A tiny 1$ micro powered from a 3v battery and a couple of buttons would probably


48 minutes ago, mariushm said:

A tiny 1$ microcontroller and a tiny UART / serial / i2c to USB chip, or a microcontroller with USB functionality programmed to show up to Linux/Windows as a serial port.

Write a script that every few seconds goes through all the serial ports, connects and sends some kind of code and waits for a reply. If your microcontroller responds correctly to the code, start ssh.

The script switches to monitoring that serial port. If disconnected or the serial port no longer exists (USB stick/device removed), kill the ssh server.

So you have taken my idea of using a USB drive holding a key, but you have made it more complex and expensive.

49 minutes ago, mariushm said:

A more complicated option would be to write some software that would record 24/7 the line in or mic in of your sound card and when it receives a series of tones (think pin number where digits are 10 different tones), it starts ssh.  Different pin kills it.

A tiny 1$ micro powered from a 3v battery and a couple of buttons would probably

Thanks, but I need to know what is wrong with my idea. I do not want a more complex idea.


7 hours ago, SCHISCHKA said:

So you have taken my idea of using a USB drive holding a key, but you have made it more complex and expensive.

Thanks, but I need to know what is wrong with my idea. I do not want a more complex idea.

A USB drive would be a mass storage device that can be read by anyone directly. Normally, you wouldn't want people to directly be able to read keys and serials from devices because they could reverse engineer everything.

Yes, such a drive would be cheap because it's mass produced. Maybe you can buy a small one (512MB-1GB) for 1-2$; plenty of companies do such USB sticks for marketing purposes and shit like that.

A custom made stick like I said would not appear as mass storage, but rather as a serial port on your computer and the computer would have to send a "challenge" phrase and only then the stick would reply with something. That something could even change depending on day of month or whatever, or have some random characters to make it harder for someone to reverse engineer anything.

The password (or whatever) could be stored in the microcontroller's eeprom (usually 128-256 bytes or easy to write/rewrite memory) and could be changed through commands you give the microcontroller from a computer.

As for "more expensive", everything's more expensive in small volume, but custom making a USB stick will only cost you like 1$ for USB connector, 1-3$ for the custom circuit board (but you could make everything on a prototyping board and just solder a USB cable instead of using connector), maybe 1$ each for microcontroller and whatever to USB chip, and some cash for a programmer (which is a one time buy that may get you into making more microcontroller based things)... But, the joy of custom making something... priceless.
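The difference between the two designs discussed in this thread, as an added example (not code from any poster): a key file on mass storage passes the check for anyone holding a copy, while a recorded reply from a challenge-response stick fails against the next challenge. HMAC-SHA256 over a random nonce and the names `Stick`, `Host` and `SECRET` are assumptions; serial I/O is replaced by direct method calls.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret (assumption): on real hardware it would sit in the
# stick's EEPROM and in a root-only file on the server.
SECRET = b"constructed-demo-secret"


class Stick:
    """Serial-port stick: answers challenges, never outputs the secret itself."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Host:
    """Server side: one fresh random challenge per attempt, usable once."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(32)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False  # no challenge outstanding
        expected = hmac.new(self._secret, self._pending, hashlib.sha256).digest()
        self._pending = None  # a challenge is never reused
        return hmac.compare_digest(expected, response)


def static_key_check(presented: bytes, stored: bytes) -> bool:
    """Mass-storage variant: the drive simply hands over the key bytes."""
    return hmac.compare_digest(presented, stored)


def demo() -> dict:
    host, stick = Host(SECRET), Stick(SECRET)
    first = stick.respond(host.new_challenge())
    results = {"genuine_stick": host.verify(first)}
    host.new_challenge()  # next session gets a different nonce
    results["replayed_response"] = host.verify(first)
    results["no_challenge_pending"] = host.verify(first)
    results["copied_key_file"] = static_key_check(bytes(SECRET), SECRET)
    return results


if __name__ == "__main__":
    print(demo())
```

Either way the server still holds the secret, so the file storing it needs root-only permissions.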

 

 

 


12 hours ago, SCHISCHKA said:

It is a headless server that needs occasional ssh access, and I would prefer to not leave ssh running all the time.

Just whitelist where you're connecting from. There's literally no point in what you're trying to accomplish.

12 hours ago, Lumi said:

Just whitelist where you're connecting from. There's literally no point in what you're trying to accomplish.

Yes, I have this, but a whitelist won't stop ransomware coming from a friendly address.

14 hours ago, mariushm said:

A custom made stick like I said would not appear as mass storage, but rather as a serial port on your computer and the computer would have to send a "challenge" phrase and only then the stick would reply with something. That something could even change depending on day of month or whatever, or have some random characters to make it harder for someone to reverse engineer anything.

 

I have since found a YouTube video that has turned an R-Pi Zero into something that can toy with its host over USB.

I still don't see why it would need a processor. If I wanted to change the key regularly, then I can do that with a storage drive. I can only think I would want a processor if I wanted to add a fingerprint scanner.

17 hours ago, SCHISCHKA said:

Yes, I have this, but a whitelist won't stop ransomware coming from a friendly address.

Please stop.

On 9/25/2017 at 3:48 AM, SCHISCHKA said:

I could write a script that detects a USB drive with a signed key, which then executes a root user script.

What security considerations should I consider, other than the obvious physical loss of the USB key?

Someone taking the USB drive, realizing there's a security key on it, and copying it. Oh look, now they have it on the interwebs for people to do naughty things to your computer. This isn't any different than having a USB drive that has a text file with the login password on it.

 

Also if the system is listening for a USB key and has to run a script as root when it finds said key, that means that the account listening to the USB port needs to be able to automatically elevate to root or is already running as root. This is horrible security practice from the get go.

 

18 hours ago, SCHISCHKA said:

Yes, I have this, but a whitelist won't stop ransomware coming from a friendly address.

You're running a server that I'm presuming is exposed to the internet. What's stopping an attacker from poking at one of the other ports you left open? SSH isn't the only way to attack and get into your system.


4 hours ago, M.Yurizaki said:

Someone taking the USB drive, realizing there's a security key on it, and copying it. Oh look, now they have it on the interwebs for people to do naughty things to your computer. This isn't any different than having a USB drive that has a text file with the login password on it.

 

This is a physical key for physical access. Have you ever seen how card access works on government computers? Have you ever heard of the mantra something you have, something you know...

4 hours ago, M.Yurizaki said:

You're running a server that I'm presuming is exposed to the internet. What's stopping an attacker from poking at one of the other ports you left open? SSH isn't the only way to attack and get into your system.

Sorry, you are not answering my question. I am not going to digress into every possible attack vector.

I can see the point of the other posters here. If we assume such a hostile environment that even disabling SSH might not provide a requisite amount of security, then... sorry... you're out of luck! Once someone gains physical access to a system, there are countless ways to circumvent the security.

The biggest security consideration I can think of is that someone could duplicate your physical key with almost no effort. Suppose someone inserts a different hard drive, which waits for you to insert the key, makes a copy and sends the copy back to... who knows?

Additionally, your key can be modified, and used to gain leverage against you. Suppose a piece of cryptographic ransomware encrypts your key and demands a ransom for its release. Will you be prepared to pay up? I wouldn't want that... but there are no solutions.

USB's not entirely a secure protocol, and computers shouldn't be trusting of USB devices by default. Have you considered that the attacker might plug in a USB wireless keyboard transceiver, or disguise a malicious Arduino inside of a USB thumb drive which looks exactly the same as yours (and "accidentally drop" it somewhere)?

Quote

This is a physical key for physical access. Have you ever seen how card access works on government computers? Have you ever heard of the mantra something you have, something you know...

Except those require you to enter a PIN, password, or some other secure identifying thing so the user can prove they're really the user. If it provides you with physical access, then it's also likely you need to punch in a PIN at a keypad during off-hours when security isn't as tight. What you're suggesting is automatically accepting any USB thumb drive that just happens to have the key without any further authentication. If anyone can spoof it, anyone can get into your system.

 

33 minutes ago, Sebivor said:

I can see the point of the other posters here. If we assume such a hostile environment that even disabling SSH might not provide a requisite amount of security, then... sorry... you're out of luck! Once someone gains physical access to a system, there are countless ways to circumvent the security.

I think this brings up a point.

 

If you're so concerned about security that you want SSH disabled at all times until you actually want it, what makes having a regular USB thumb drive with some special things on it any safer? And if you're worried about remote attacks, what makes closing off just that service any safer? Yeah, it's good security practice to limit the amount of services to the absolute minimum to limit the attack vectors, but trading one solution for another that's possibly more insecure doesn't solve anything.

 

Maybe I'm missing something here, but this just screams to me "I want a really secure box... but still have a backdoor of sorts."


9 hours ago, Sebivor said:

The biggest security consideration I can think of is that someone could duplicate your physical key with almost no effort. Suppose someone inserts a different hard drive, which waits for you to insert the key, makes a copy and sends the copy back to... who knows?

Physical key for physical access, i.e. you must break into the property. You do not need to steal the USB key, because you can plug in a mouse and keyboard. This physical break-in would occur somewhere between murdering the security guard and before a shoot out with the police.

9 hours ago, M.Yurizaki said:

Except those require you to enter a PIN, password, or some other secure identifying thing so the user can prove they're really the user. If it provides you with physical access, then it's also likely you need to punch in a PIN at a keypad during off-hours when security isn't as tight. What you're suggesting is automatically accepting any USB thumb drive that just happens to have the key without any further authentication. If anyone can spoof it, anyone can get into your system.

 

I never asked for automatic ssh login. I never asked for ssh over internet. I asked to disable ssh and other software using a physical key. As you can see above I have already found a solution. Thank you.