Linux-Noob Forums
SSH Security - Printable Version




SSH Security - xDamox - 2004-12-23


This is a little tutorial on SSH, I thought I would make my contribution ;)

 

The first trick is changing the SSH server's port and enforcing clients to use SSH protocol version 2. This can be accomplished simply by editing /etc/ssh/sshd_config:

 



Code:
#Port 22
#Protocol 2,1




 

Delete the hashes '#'. Where Port has its number 22, set that to any number you want. Once you have changed the port you can simply delete the colon ',' also deleting the 1, so it should look like:

 



Code:
Port 22
Protocol 2




 

Now to enforce StrictModes. "StrictModes" is a setting to make sure that the transversal to the user's ssh settings are correctly set to non-writable modes and correct ownership so that access to the account is strictly enforced.

 

Edit /etc/ssh/sshd_config and you should see:

 



Code:
#StrictModes yes




 

Delete the comment so that the SSH server will read it and enforce StrictModes.

 

Well, that's about it.




SSH Security - znx - 2005-03-31


nice..

 

I would suggest on top of those options.. these !

 



Code:
#stops possible escalation of user privileges
UsePrivilegeSeparation yes

#force a nice timeout
LoginGraceTime 600

#don't allow root logins (only allow wheel group users to su/sudo up)
PermitRootLogin no

#don't allow empty passwords
PermitEmptyPasswords no

#don't send the password in cleartext
PasswordAuthentication no
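

Added example, not part of either post above: a small shell audit that reports which of the directives recommended in this thread are actually in effect in an sshd_config, treating a still-commented line as unset and honouring sshd's rule that the first occurrence of a keyword wins. The function names `effective_value` and `audit_sshd` and the sample file contents (including port 2222) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes whitespace-separated "Keyword value" lines.

# effective_value FILE KEYWORD: print the value sshd would use, or nothing if unset.
effective_value() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }            # blank and commented lines are never read
        tolower($1) == "match" { exit }          # later lines apply only conditionally
        tolower($1) == tolower(want) { print $2; exit }   # first occurrence wins
    ' "$1"
}

# audit_sshd FILE: print one status line per directive; return 1 if any is not OK.
audit_sshd() {
    file=$1 rc=0
    # keyword=recommended pairs, taken from the two posts in this thread
    for pair in Protocol=2 StrictModes=yes UsePrivilegeSeparation=yes \
                PermitRootLogin=no PermitEmptyPasswords=no PasswordAuthentication=no; do
        key=${pair%%=*} expected=${pair#*=}
        got=$(effective_value "$file" "$key")
        if [ -z "$got" ]; then
            echo "UNSET $key (commented out or absent, built-in default applies)"; rc=1
        elif [ "$(echo "$got" | tr 'A-Z' 'a-z')" = "$expected" ]; then
            echo "OK $key $got"
        else
            echo "WEAK $key $got (thread recommends $expected)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample config, written to a temp file so the script runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
Protocol 2
#StrictModes yes
PermitRootLogin yes
permitemptypasswords no
PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "review the UNSET and WEAK lines above"
rm -f "$sample"
```

On the sample, PasswordAuthentication is reported WEAK because the earlier `yes` line wins over the `no` appended below it. On current OpenSSH releases `Protocol` and `UsePrivilegeSeparation` are deprecated, so UNSET for those two is expected there.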