SSH Security

[xDamox]

This is a little tutorial on SSH, I though I would make my contribution ;)

 

The first trick is changing the SSH servers port and enforing clients to use SSH protocol version 2 this can be accomplished simply by editing the /etc/ssh/sshd_config

 

Code:

#Port 22
#Protocol 2,1

 

Delete the hashs '#' where Port has its number 22 set that to any number you want once you

have change the port you can simple delete the colon ',' also deleting the 1 so it should look like:

 

Code:

Port 22
Protocol 2

 

Now to enfore Strictmode, "StrictMode" is a setting to make sure that the transversal

to the user's ssh settings are correctly set to non-writable modes and

correct ownership so that access to the account is strictly enforced.

 

edit /etc/ssh/sshd_config and you should see

 

Code:

#StrictModes yes

 

delete the comment so that the SSH server will read it and enfore StrictMode.

 

well thats about it [img]<___base_url___>/uploads/emoticons/default_rolleyes.gif[/img]

[znx]

nice..

 

I would suggest on top of those options.. these !

 

Code:

#stops possible escalation of user privileges
UsePrivilegeSeparation yes

#force a nice timeout
LoginGraceTime 600

#dont allow root logins (only allow wheel group users to su/sudo up)
PermitRootLogin no

#dont allow empty passwords
PermitEmptyPasswords no

#dont send the password in cleartext
PasswordAuthentication no