Recent Changes - Search:




Main.Securing-SSH-Service-Linux-Ubuntu-Redhat-Server History

Hide minor edits - Show changes to output

Added lines 1-49:
*Securing SSH Service Linux Ubuntu Redhat Server

We need to have ssh installed to secure it, for debian based distro we can install it using the command apt-get, apt-get install ssh will install ssh on the server for you.

Some of the configuration files are as follows.


/etc/ssh$ ls -l
total 160
-rw-r--r-- 1 root root 132839 2006-05-18 06:13 moduli
-rw-r--r-- 1 root root 1423 2006-10-05 15:13 ssh_config
-rw-r--r-- 1 root root 1909 2007-08-26 20:06 sshd_config
-rw------- 1 root root 1192 2006-09-28 07:28 ssh_host_dsa_key
-rw-r--r-- 1 root root 1119 2006-09-28 07:28
-rw------- 1 root root 1675 2006-09-28 07:28 ssh_host_rsa_key
-rw-r--r-- 1 root root 399 2006-09-28 07:28


The file sshd_config should be modified to increase the security.

*Make ssh listen on a given interface, if there are more than 1 interface.

*Don't permit empty passwords.

*Allow only certain users to have access to the machine.

*Change the default port number, The default port number is 22, see

*Protocall version 2

*Disabling root access will make the attacker's life harder.

*X11 _only _ if needed

*AllowUsers, AllowGroups, DenyUsers and DenyGroups directives helps you to control better who's going to have remote access to that box.

*remote logins only from known/trusted hosts

*Use sshd : IPaddress in /etc/hosts.allow and the line "sshd: ALL" in the /etc/hosts.deny

*Enable keyfile based login

Edit - History - Print - Recent Changes - Search
Page last modified on January 22, 2008, at 10:46 AM