Recent Changes - Search:

Softwares

.

Securing-SSH-Service-Linux-Ubuntu-Redhat-Server

Main.Securing-SSH-Service-Linux-Ubuntu-Redhat-Server History

Hide minor edits - Show changes to markup

Added lines 1-49:

(:Google1:) (:Googlemmmm:)

  • Securing SSH Service Linux Ubuntu Redhat Server

We need to have ssh installed to secure it, for debian based distro we can install it using the command apt-get, apt-get install ssh will install ssh on the server for you.

Some of the configuration files are as follows.


/etc/ssh$ ls -l
total 160
-rw-r--r-- 1 root root 132839 2006-05-18 06:13 moduli
-rw-r--r-- 1 root root   1423 2006-10-05 15:13 ssh_config
-rw-r--r-- 1 root root   1909 2007-08-26 20:06 sshd_config
-rw------- 1 root root   1192 2006-09-28 07:28 ssh_host_dsa_key
-rw-r--r-- 1 root root   1119 2006-09-28 07:28 ssh_host_dsa_key.pub
-rw------- 1 root root   1675 2006-09-28 07:28 ssh_host_rsa_key
-rw-r--r-- 1 root root    399 2006-09-28 07:28 ssh_host_rsa_key.pub

The file sshd_config should be modified to increase the security.

  • Make ssh listen on a given interface, if there are more than 1 interface.
  • Don't permit empty passwords.
  • Allow only certain users to have access to the machine.
  • Change the default port number, The default port number is 22, see http://www.iana.org/assignments/port-numbers
  • Protocall version 2
  • Disabling root access will make the attacker's life harder.
  • X11 _only _ if needed
  • AllowUsers, AllowGroups, DenyUsers and DenyGroups directives helps you to control better who's going to have remote access to that box.
  • remote logins only from known/trusted hosts
  • Use sshd : IPaddress in /etc/hosts.allow and the line "sshd: ALL" in the /etc/hosts.deny
  • Enable keyfile based login

(:Googlemm:)

Edit - History - Print - Recent Changes - Search
Page last modified on January 22, 2008, at 03:46 PM