1

I have already installed cygwin (running sshd) on windows 2003 DC several times.

But now another admin who is actually responsible for this domain asked me if this is really safe.

Edit: I changed the question to make it better fit the accepted answer. I have moved the other part of the question that I had originally in mind to a new thread, please click here.

mit
  • Do you actually use the ssh server, or does it just make you "feel good" to have it there? Windows command line is so limited, I have a hard time believing an ssh server would be useful. Take that in to consideration when weighing the benefit as described by Evan below. – James May 18 '11 at 02:36
  • @james I use ssh for ad hoc tunneling, for instance I always tunnel RDP through it. My workstation is Linux, so it makes some sense – mit May 22 '11 at 12:58
  • @james so I use ssh for tunneling some ports, for instance the RDP port 3389. But the command line is also becoming useful if you have cygwin running. That is what cygwin was made for. Of course it does not replace the Windows GUI. – mit May 22 '11 at 13:12
  • I like to use stunnel for stuff like that. – James May 23 '11 at 12:58

2 Answers

4

In general you want to avoid having excess services installed on servers. Given the sensitive job of Active Directory domain controller computers (storing user credentials and performing authentication) you should be even more concerned about them than, say, a file server.

Having said that, though, a server computer with no software installed would be pretty useless. You need to make a risk assessment, weigh that against the benefit provided by the software, and decide on that basis. That general process is what you need to work through for each service you expose (even if it's just something you do "in your head" versus a formal process). Wantonly exposing services without weighing the risk (or worse, exposing them when there's no benefit-- think default IIS installations in Windows 2000 Server) is a bad idea.

To speak to your particular query:

OpenSSH has been subject to a fair amount of scrutiny by the community, given the nature of the service it provides. Unfortunately, to allow sshd to impersonate users you're going to have to run it with a fairly privileged credential (SYSTEM, in most cases) so a bug in the daemon itself could result in a remote SYSTEM-level compromise. Admittedly I think the chances of such a compromise in OpenSSH are fairly low but it's still a possibility.

You should have some kind of rate limiting on inbound connection attempts (to prevent DoS attacks; I like sshd_block, personally). You should think strongly about allowing certificate-based logons only (rather than passwords). You should limit the number of users who can access the server via SSH to only those who need access. You should disable port forwarding and/or SFTP if you don't need these features.

A summary of my feelings would be as follows: Think through what you're doing and do your "homework" when setting things up and you'll be fine.

Evan Anderson
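As an added example (not code from the answer, from Cygwin or from OpenSSH), a small Python audit that checks an sshd_config against the hardening points listed above: key-only logons, an explicit user allow-list, port forwarding and SFTP off when unused, and a non-default MaxStartups as a connection throttle. Both embedded configs are constructed samples, and the DEFAULTS table assumes stock OpenSSH defaults.

```python
import re

# Constructed sample resembling a stock Cygwin sshd_config (nothing hardened).
SAMPLE_CONFIG = """\
Port 22
#PasswordAuthentication yes
PermitRootLogin yes
AllowTcpForwarding yes
Subsystem sftp /usr/sbin/sftp-server
"""

# Constructed sample applying the answer's recommendations.
HARDENED_CONFIG = """\
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers admin1 admin2
AllowTcpForwarding no
MaxStartups 3:50:10
#Subsystem sftp /usr/sbin/sftp-server
"""

# Values sshd applies when a directive is absent or commented out (assumed stock defaults).
DEFAULTS = {"passwordauthentication": "yes", "allowtcpforwarding": "yes",
            "maxstartups": "10:30:100"}

def parse_sshd_config(text):
    """Map lowercased keyword -> value for effective (uncommented) lines.
    sshd honours the first occurrence of a keyword, so later duplicates are ignored.
    Both 'Key value' and 'Key = value' forms are accepted."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        conf.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return conf

def audit(text):
    """Return the hardening points from the answer that this config misses."""
    conf = parse_sshd_config(text)
    get = lambda k: conf.get(k, DEFAULTS.get(k, "")).lower()
    findings = []
    if get("passwordauthentication") != "no":
        findings.append("password logons allowed: set PasswordAuthentication no (key-based only)")
    if "allowusers" not in conf and "allowgroups" not in conf:
        findings.append("no AllowUsers/AllowGroups: any account with a valid logon can use SSH")
    if get("allowtcpforwarding") != "no":
        findings.append("port forwarding enabled: set AllowTcpForwarding no if unused")
    if get("subsystem").startswith("sftp"):
        findings.append("SFTP subsystem enabled: comment out the Subsystem line if unused")
    if get("maxstartups") == DEFAULTS["maxstartups"]:
        findings.append("MaxStartups at default: unauthenticated connections are not throttled")
    return findings
```

Point `audit()` at the contents of the real `/etc/sshd_config` under Cygwin to get the same list for a live installation.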
1

I can't think of anything that could go wrong, but that doesn't mean a hacker couldn't either.

James