Recent Changes - Search:

Softwares

.

Securing-SSH-Service-Linux-Ubuntu-Redhat-Server

Main.Securing-SSH-Service-Linux-Ubuntu-Redhat-Server History

Hide minor edits - Show changes to output

Added lines 1-49:
(:Google1:)
(:Googlemmmm:)
*Securing SSH Service Linux Ubuntu Redhat Server

We need to have ssh installed to secure it, for debian based distro we can install it using the command apt-get, apt-get install ssh will install ssh on the server for you.

Some of the configuration files are as follows.

[@

/etc/ssh$ ls -l
total 160
-rw-r--r-- 1 root root 132839 2006-05-18 06:13 moduli
-rw-r--r-- 1 root root 1423 2006-10-05 15:13 ssh_config
-rw-r--r-- 1 root root 1909 2007-08-26 20:06 sshd_config
-rw------- 1 root root 1192 2006-09-28 07:28 ssh_host_dsa_key
-rw-r--r-- 1 root root 1119 2006-09-28 07:28 ssh_host_dsa_key.pub
-rw------- 1 root root 1675 2006-09-28 07:28 ssh_host_rsa_key
-rw-r--r-- 1 root root 399 2006-09-28 07:28 ssh_host_rsa_key.pub

@]

The file sshd_config should be modified to increase the security.

*Make ssh listen on a given interface, if there are more than 1 interface.

*Don't permit empty passwords.

*Allow only certain users to have access to the machine.

*Change the default port number, The default port number is 22, see http://www.iana.org/assignments/port-numbers

*Protocall version 2

*Disabling root access will make the attacker's life harder.

*X11 _only _ if needed

*AllowUsers, AllowGroups, DenyUsers and DenyGroups directives helps you to control better who's going to have remote access to that box.

*remote logins only from known/trusted hosts

*Use sshd : IPaddress in /etc/hosts.allow and the line "sshd: ALL" in the /etc/hosts.deny

*Enable keyfile based login



(:Googlemm:)
Edit - History - Print - Recent Changes - Search
Page last modified on January 22, 2008, at 10:46 AM