Casper Remote – Using Custom SSH Port


Overview


Casper Remote is an application from JAMF Software that allows you to immediately perform remote management tasks on computers, such as installing packages, running scripts, and binding to directory services. All of these tasks can be performed via policy in the JAMF Software Server (JSS); however, Casper Remote allows you to initiate them immediately.

Details


In some environments, you might implement custom Secure Shell (SSH) ports as an additional security measure. Some argue that this is “security through obscurity”, but if you follow the best practices in securing SSH, this can be additional icing on your SSH security cake; at the very least it will decrease SSH attempts and make your log file a little smaller. Or, if you really don’t want or need to use SSH to manage your clients, don’t turn it on. OS X El Capitan comes with OpenSSH:

Note: if you turn off SSH, you will not be able to use Casper Remote, but if you use other remote support tools like Bomgar, ScreenConnect, TeamViewer, etc., it might not be necessary for your environment.
For example, here are some SSH security best practices:
  • Only Use SSH Protocol 2
  • Limit Users’ SSH Access
  • Configure Idle Log Out Timeout Interval
  • Disable .rhosts Files
  • Disable Host-Based Authentication
  • Disable root Login via SSH
  • Enable a Warning Banner
  • Firewall SSH Port(s)
  • Use Strong SSH Passwords and Passphrase
  • Use Public Key Based Authentication
  • Use Keychain Based Authentication
  • Chroot SSHD (lock down users to their home directories)
  • Disable Empty Passwords
  • Use TCP Wrappers
  • Thwart SSH Crackers (brute force attack)
  • Rate-limit Incoming SSH Port Connections
  • Use Port Knocking
  • Use Log Analyzer
  • Patch OpenSSH and Operating Systems

Casper Remote – Custom SSH Configuration


Casper Remote will use the standard SSH port of 22, unless you follow the steps below to have Casper Remote use your custom SSH port.

In the home folder of the user running the Casper Remote application, you need the following folder:

That contains a file named “config” with the following configuration:

Multiple SSH Configurations


You can set up multiple SSH configurations based on hostname, pattern, etc., and assign a specific port or other SSH configuration options to each.

From the ssh_config man page:

So, if you want multiple SSH configurations, for example a server that uses the standard SSH port “22” while everything else uses a custom port, you can use the following in your ssh config file:

You can create the above “config” file and configuration with the following command:

Then you would not need to specify the port option every time you use SSH to connect to a server or client that uses the standard SSH port.
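An added example (not from the original post) that models how ssh picks `Port` from a config file: the first value obtained wins, so the block for the standard-port server must come before `Host *`. The hostname `jss.example.com`, port 2222 and the simplified parser (only `Host` and `Port`, no `Match` or `Include`) are assumptions.

```python
import re

# Constructed sample configs; the hostname and port 2222 are assumptions.
SPECIFIC_FIRST = """\
Host jss.example.com
    Port 22

Host *
    Port 2222
"""

# Same blocks in the wrong order: the wildcard Port is obtained first.
WILDCARD_FIRST = """\
Host *
    Port 2222

Host jss.example.com
    Port 22
"""

def _matches(host, patterns):
    """Host-line matching: '*' and '?' are wildcards, a leading '!' negates."""
    hit = False
    for pat in patterns:
        negated = pat.startswith("!")
        body = pat[1:] if negated else pat
        rx = re.escape(body).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, host):
            if negated:
                return False  # a matching negated pattern rejects the block
            hit = True
    return hit

def effective_port(config_text, host, default=22):
    """Return the port ssh would use for host: the first Port obtained wins."""
    active = True  # options before any Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        arg = parts[1] if len(parts) > 1 else ""
        if keyword == "host":
            active = _matches(host, arg.split())
        elif keyword == "port" and active:
            return int(arg)
    return default
```

With `WILDCARD_FIRST`, `effective_port` returns 2222 even for `jss.example.com`, which is the ordering mistake to check for when a connection unexpectedly goes to the wrong port.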

OS X – Changing Default SSH Port


Here is one method of changing the default SSH port on an OS X client or server.

Edit Services File
Open the services file located at:

You should already see the following lines in the file:

Add the following two ssh lines to the bottom of the file, but change the port number 22 to something else chosen from the list of unassigned ports, and create a new name for your SSH service.

For example:

Next, make a copy of Apple’s default SSH plist file:

Change the label to match your plist name, for example:

Prevent Bonjour from advertising your new service by deleting these lines:

Next, specify the service name so it matches what you added to the /etc/services file by editing under the ‘Sockets’ key:

Load Custom Property List File
Next, load your custom property list file using the following command:

For example:

Testing Custom SSH Port

Next, you want to test the custom SSH port using the following command:
