  1. #1
    Newbie
    Join Date
    Jan 2020
    Posts
    7

    I had SSH enabled under Access Rules. I assume this was bad?

    So as the title says, I had SSH enabled under Access Rules for a few months. I assume this was a bad idea, and I only had a 5 character password for it? I didn't realize at the time I should not have enabled it for all interfaces; all I did was check the Allow SSH box as in the picture below.

    If it was a bad idea I will re-install Untangle and set up from scratch, but before I do I thought I would ask here if what I did with SSH was a security risk.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,197

    Enabling SSH on the WAN allows anyone in the world to run hacking scripts against your firewall. I would reinstall for peace of mind.

    If you want ssh access, create a new rule to enable it only on the LAN interfaces.
    flyboy320 likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,251

    That rule really needs changed to have source interface non-WAN... just to avoid this junk.

    But yes, that's very bad. Having SSH open on a WAN interface results in an almost immediate brute force attack, and if they got your password your box is no longer yours. Nuke and pave is the only way back to a trusted space.
    flyboy320 and Kryptonit3 like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
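
One way to check the box's own sshd log for the brute-force pattern described in this post, as an added example that is not part of the thread: it counts failed logins per source and lists every accepted login from outside the LAN ranges. The log lines are constructed samples in the stock OpenSSH syslog format, and `LAN_NETS`, `is_lan` and `triage` are names introduced here.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (OpenSSH syslog format). Addresses are from
# documentation ranges; none of them come from the thread.
SAMPLE_LOG = """\
Sep 10 03:14:01 fw sshd[2211]: Failed password for root from 203.0.113.45 port 50122 ssh2
Sep 10 03:14:03 fw sshd[2211]: Failed password for root from 203.0.113.45 port 50122 ssh2
Sep 10 03:14:05 fw sshd[2213]: Failed password for invalid user admin from 203.0.113.45 port 50130 ssh2
Sep 10 03:15:40 fw sshd[2290]: Failed password for root from 198.51.100.7 port 41000 ssh2
Sep 10 08:02:11 fw sshd[3001]: Accepted password for root from 192.168.1.20 port 53311 ssh2
Sep 11 04:41:09 fw sshd[4120]: Accepted password for root from 203.0.113.45 port 50877 ssh2
"""

# Assumption: the LAN uses RFC 1918 space; adjust to the real internal ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def is_lan(ip):
    """True if ip is inside one of the LAN networks; unparsable values count as external."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETS)

def triage(log_text):
    """Return (failed-attempt counts per source, accepted logins from outside the LAN)."""
    failed = Counter()
    external_logins = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failed[ip] += 1
        elif not is_lan(ip):
            # Record how many failures from this source preceded the success.
            external_logins.append((m["user"], ip, m["method"], failed[ip]))
    return failed, external_logins

if __name__ == "__main__":
    counts, hits = triage(SAMPLE_LOG)
    print("failed attempts per source:", dict(counts))
    print("accepted logins from outside the LAN:", hits)
```

On a Debian-based system sshd normally logs to /var/log/auth.log. An intruder with root can edit that file, so an empty result does not clear the box.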

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,197

    The warning seems to be ignored.

    ssh-enable-warning.png

  5. #5
    Newbie
    Join Date
    Jan 2020
    Posts
    7

    Once re-installed, can I use a backup of the system configuration, or could the configuration be compromised, and I should reconfigure from scratch?

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,251

    That alert says nothing about inappropriate access. Even a strong password is only single factor, and single factor authentication for any administration platform is WEAK.

    This applies to the Web UI just as much as it does SSH. And Untangle's lack of a 2nd factor in obvious places like this is really rather grating. I'd be more upset about it, but Untangle's competition is actually WORSE at this, so there's zero pressure to actually fix it.

    Not that I want to see some cloud integrated mess with SMS codes, or a similar infrastructure for proper push MFA. But at the very least the default rules can be LAN specific, just like HTTPS administration is.

    The configuration is fine, just back up the unit, pave it and restore it. Though you'll want to take a careful look at the access rules under advanced. If you want to be crazy safe, restore without networking.

  7. #7
    Newbie
    Join Date
    Sep 2020
    Posts
    11

    Just realized that enabling SSH opens it up on WAN. Yikes.

  8. #8
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    Originally posted by flyboy320:
    Once re-installed, can I use a backup of the system configuration, or could the configuration be compromised, and I should reconfigure from scratch?
    This is an interesting question.
    All internal configuration files are going to get over-written.

    All of your GUI configuration is visible to you.
    I think the risk of restoring a backup is extremely small.

    You can inspect and export 'settings changes' for confidence here:
    settings.png

  9. #9
    Newbie
    Join Date
    Jan 2020
    Posts
    7

    Thanks for the advice and help

    I was able to re-install and use a backup for the settings. The only issue I had was the download firewall version from Untangle is version 15.00 and my current backup is from 15.1 and it wouldn't let me use that backup. Luckily I had some old ones that were made when I was on version 15.0.
    Last edited by flyboy320; 09-13-2020 at 12:05 PM.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,251

    Why didn't you download it fresh? 15.0 is Debian 9, 15.1 is Debian 10... that's a HUGE upgrade to wait for, and a risky one.
