Securing SSH



I REALLY like secure shell (SSH) for remote access to linux machines. You can do more than just a “telnet” like remote shell with it. (Port forwarding.) However, the default configuraton for the openssh-server is sometimes a bit less tight than I would like. For that reason on a new install, I usually like to make a few changes. I don’t know if I’ve mentioned this before, but I haven’t devoted a post JUST to this, so… here we go.


Under mandriva, the config file for the openssh server is at /etc/ssh/sshd_config First off, I like to make sure that just version 2 of the SSH protocol is used. This may break compatiblity with older clients that don’t support version 2. In a nutshell, v. 2 is a more secure implemenation
, and in my case, I don’t use anything that doesn’t support version 2… so… the following gets changed in the sshd_config – protocol 2,1 is commented out and protocol 2 added.

#Protocol 2,1
Protocol 2

Next, I like to make sure that root login is disabled…

PermitRootLogin no

After all, every system has a root user, why make it a bit easier for someone to brute force their way in?

I also like to setup a group called sshusers and limit access to just those that need to remotely get in.

AllowGroups sshusers

This way if I have a lame test account with an equally lame password, it can’t be remotely exploited this way (unless I’m dumb enough to add them to sshusers…)

The AllowUsers directive is another way to do this…
AllowUsers user1, user2, user3

These are just a couple steps you can take to tighten up your ssh server setup. For more on SSH usage and configuration you might consult the manual (man) pages, or may I suggest SSH, The Secure Shell: The Definitive Guide

Related Posts

Blog Traffic Exchange Related Posts
  • Extended support for XP Home and Media center I want to make a note of this here... Microsoft has announced that XP Home and Media center editions will get extended support on par with that of XP Pro. Essentially this means security updates for these versions of the OS should be available until 2014. Previously support for XP......
  • Network Security guide for the home or small business network - Part 6 - Secure your services This one is going to be tougher. Of what we've looked at so far this will probably take more work and learning than any of the others. The good news is, depending on your situation you may need to do less here. IF you have decided that your pc (or......
  • A closer look at x11vnc I've got to say, one of the things I really like about linux are the myriad of options for remotely administering a system. SSH is the one I use the most, but for the graphical you have x (especially on the LAN), nxserver (which is a compressed and optionally encrypted......
Blog Traffic Exchange Related Websites
  • Dreamhost Promo Code For 2011 We all know about Dreamhost one of the best web hosting provider in the world, when compared to other low quality hosting providers. Dreamhost is better in terms of features, support, reliability. It is also one of the fastest growing hosting platform which has about 800K+ web sites hosted online.......
  • Hostgator Coupon Code For August 2011 Last month, we discussed in detail on the features of Hostgator web hosting service. Also, i released the Hostgator coupon code which helps you to grab maximum offers on every hosting purchase. I am used to promote Dreamhost service by giving way promo codes every month. This time into Hostgator......
  • Comparison Between Free Of Charge And Paid Web Comparison between free of charge and paid Web security software has turn into a main subject of discussion amongst probably the most of all computer users recently. Numerous people who have employed both free of charge as well as paid Web security software place their strong opinions. Although many people......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site