CVE-2024-6387 is a critical vulnerability in OpenSSH that impacts systems using the glibc library. This vulnerability allows remote code execution (RCE) as root for unauthenticated users by exploiting a flaw in the default configuration of OpenSSH, particularly related to the LoginGraceTime parameter. Immediate action is required to secure your systems. This article provides a step-by-step guide to mitigate this vulnerability and enhance your overall SSH security.

Steps to Mitigate CVE-2024-6387

1. Update OpenSSH and glibc

Ensure that you are running the latest versions of OpenSSH and the glibc library, as security patches may have been released to address this vulnerability.

Debian-based Systems

Open a terminal and run the following commands:

sudo apt update
sudo apt upgrade openssh-server libc6

RPM-based Systems

Open a terminal and run the following commands:

sudo yum update openssh-server glibc

Regularly check your distribution’s advisories for specific instructions and updates.

2. Modify SSH Configuration

After updating, you need to modify your SSH configuration to reduce the risk of exploitation.

Edit sshd_config

Locate and edit the OpenSSH server configuration file, typically found at /etc/ssh/sshd_config.

1. Reduce LoginGraceTime: Lower the LoginGraceTime parameter to minimize the window for potential exploitation. The default is usually set to 2 minutes; reducing it to 30 seconds is advisable.

   LoginGraceTime 30

2. Disable Root Login: If root login is not necessary, disable it to enhance security.

   PermitRootLogin no

3. Restrict User Access: Ensure that only necessary users have SSH access.

   AllowUsers specific_user

3. Implement Additional Security Measures

Further secure your SSH access by implementing these additional measures:

Key-based Authentication

Switch from password-based authentication to SSH key-based authentication:

PasswordAuthentication no
PubkeyAuthentication yes

Two-Factor Authentication

Enable two-factor authentication (2FA) for SSH access to add an extra layer of security.

Restrict IP Access

Use firewall rules to restrict SSH access to specific IP addresses or networks.

Using ufw on Ubuntu

sudo ufw allow from <trusted_ip> to any port 22

Using firewalld on CentOS/RHEL

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<trusted_ip>" port port=22 protocol=tcp accept'
sudo firewall-cmd --reload

4. Monitor and Audit

Regularly monitor and audit your SSH access to detect any unusual activities.

1. Monitor SSH Logs: Regularly check SSH logs for any unauthorized login attempts:

   sudo tail -f /var/log/auth.log

2. Implement Intrusion Detection Systems (IDS): Use IDS to detect and alert on suspicious activities.

5. Additional Hardening

Further harden your SSH server with the following measures:

Install and Configure fail2ban

fail2ban can automatically block IP addresses that show malicious signs.

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

6. Stay Informed

Stay up-to-date with the latest security updates and advisories:

• OpenSSH Security Advisory: OpenSSH Security

• National Vulnerability Database (NVD): NVD

• Ubuntu Security Notices: USN

• Red Hat Security Data: Red Hat

Conclusion

By following these steps, you can mitigate the risks associated with CVE-2024-6387 and enhance the security of your SSH configuration. Regular updates, configuration changes, and additional security measures are crucial in protecting your systems from potential exploits. Stay vigilant and informed to ensure your infrastructure remains secure.

The post Mitigating CVE-2024-6387: A Comprehensive Guide appeared first on Hivelocity Hosting.

Perform the following on your license server:

Go to “Start” -> “Run” -> type “Regedit” and press the “Enter” button.

Navigate to the following key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TermServLicensing\Parameters

Change the Role Type value from 0 to 1. 0 is for a domain level terminal server and 1 is for a Enterprise License Server.

Go to “Start” -> “Run” and type “Adsiedit.msc” and press “Enter” button.

Note: In

The post Change terminal license server from domain mode to enterprise mode? appeared first on Hivelocity Hosting.

The post Install Terminal Services. appeared first on Hivelocity Hosting.

1.. Open Terminal Services Manager. Start>Administrative Tools>Terminal
Services Manager
2.. Right-click the session to which you want to connect, and then click
Connect.

You are connected to the new session and disconnected from your previous
session.

Notes:

a.. You can always connect to a session in which you are logged on with
the same user account. To connect to another user’s session, you must have
either Full Control or User Access permission.
b.. To open Terminal Services Manager, click Start, click Control Panel,
double-click Administrative Tools, and then double-click Terminal Services
Manager.
c.. You can connect to another session only from within an existing
session. You must open Terminal Services Manager, or use the tscon command,
from within a session to be able to connect to another session.
d.. You can connect to a session only if it is in either an active or
disconnected state.
e.. You cannot connect to another session from the console session.

The post How do I connect to another user’s Terminal Services session? appeared first on Hivelocity Hosting.