»[Suggestion] - Securing SSH

Discussion in 'Suggestions & Feedback' started by stefatorus, May 3, 2016.

  1. stefatorus

    stefatorus Journeyman Member

    Messages:
    47
    Ratings:
    +3 / -0
    Hi,I am Stefatorus!I have a suggestion/bug fix for you.
    Anyways,what i want to suggest is changing the port of the SSH connection and adding a SSH Key.
    It makes the SSH much more secure than now,with the default port 22 :)))))) and no SSH Key.
    Its a easy thing to do,taking like 5-10 minutes / linux server.


    How will it help the server:
    -Are we secure?: Yes,you are.99% of players dont even know what a SSH connection is,and the password may be hard to find,i think that you are allmost secure :)
    - Allthough SSH breaking is Hard and painfull,once you have access to it,you can op yourself everywhere,ban everyone in hubs,etc,copy all the server into your pc,delete all the servers,in a way that GuildCraft gets in a WhiteList for as long as 2-3 weeks in case no Backups were made.Thanks.

    Proof:
    http://imgur.com/a/tpWQC


    What is SSH:
    SSH (Secure Shell) is a encripted network protocol that helps you to operate over a unsecure network (like the damn all internet is).There are 2 SSH "versions": SSH-1;SSH-2,that for the basic understanding.

    How is it used:
    SSH is kinda the CONSOLE - You can do anything from there.Its the linux and stuff,you can do anything with it.

    SFTP:
    Sftp is a Secure FTP with the same password as the SSH ''Console".It is used to send and recieve files.
     
    stefatorus, May 3, 2016
    #1
    • Informative Informative x 1
  2. stefatorus

    stefatorus Journeyman Member

    Messages:
    47
    Ratings:
    +3 / -0
    When im pissed off i do stuff .
    Found some unused ports for
    play.guildcraft.org.........


    Found out GC uses Centos (as expected)
    -Needs fixed --

    Tip:
    Try accessing
    http://play.guildcraft.org:80


    play.guildcraft.org:4471 - still looking,not a mc packet

    Hmm,bananas?Found something......Secret for the moment

    Ok,soo basically,they had a ts.guildcraft.org:25565 <--- what i done
    Well,i used another bungee to try to breach in.Sadly,ipwhitelist is there <3

    Server brand: Waterfall (git:Waterfall-Bootstrap:1.9-SNAPSHOT:ba75eaa:192) <- PaperSpigot - its running on Lobby,i think (or Anni Lobby - very probable) <3
    Found it by mistake when mc crashed


    Some servers were found,ip and port (most on the www.gc.org dedicated) and now pending
    verification & identification

    Anni ip revealed
     
    Last edited: May 3, 2016
    stefatorus, May 3, 2016
    #2
    • Informative Informative x 1
  3. Looting_III

    Looting_III Enthusiast Member

    Messages:
    136
    Ratings:
    +35 / -0
    Question, how would you know if they are using a key or a password for ssh. You can use pretty much any port you want on either mode. Also a sufficiently complex password is not really any more vulnerable than a key.
     
    Looting_III, May 3, 2016
    #3
  4. stefatorus

    stefatorus Journeyman Member

    Messages:
    47
    Ratings:
    +3 / -0
    If u login with root without a SSH Key you would be kicked out of the SSH
     
    stefatorus, May 4, 2016
    #4

Share This Page