Hosting Discussion
 

  Post #1 (permalink)   06-07-2007, 08:30 PM
HD Newbie
 
Join Date: Jun 2007
Posts: 19

Status: ZenOswyn is offline
Hey everybody,
I was reading through the SSH commands and I thought a small guide on setting up some basic security around the OpenSSH daemon might be a good post.

First of all, this is by no means a complete guide to SSH security, just a few suggestions that will take care of some basic exploits, and prevent a majority of them as well. Looking over the man pages for sshd_config is still a great idea.

These three points are just the easiest ways to eliminate the greatest number of possible attack points.

1. Disable root login
Can't stress this one enough. Always use su or sudo to execute commands as root from your normal account. How to do it: in your openSSH config file (usually /etc/ssh/sshd_config, or just /etc/sshd_config) change the line "PermitRootLogin yes" to "PermitRootLogin no". As you can see, it's not very hard to change the config files.

2. Only allow your username to log in
This is kind of a follow-up to the first. You may have to add this line, but the command is "AllowUsers username", where "username" is the username you want to be able to log in via SSH.

3. Change The SSH Listening Port
Changing the port that the daemon listens to for incoming connections will enable you to avoid a slew of attacks. A lot of people use 2222, which means you should find another port to change it to. This is done through the "Port" line, and by default it is set to 22.

By changing it, you avoid being recognized by port scanning software that checks for common ports. Just make sure the port isn't being used by something else before you change it.
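
A small checker for the three settings in the post above, added here as an example and not part of the original thread. It applies the sshd_config rule that the first value read for a keyword is the one used, and it stops at the first Match block; the sample configs and the user name alice are constructed.

```python
import re

# Constructed sample configs for illustration; "alice" is a placeholder user.
WEAK = """\
# constructed example
Port 2222
permitrootlogin yes
PermitRootLogin no
Match User alice
    AllowUsers alice
"""
HARDENED = """\
Port=48022
PermitRootLogin no
AllowUsers alice
"""

# sshd_config accepts both "Keyword value" and "Keyword=value".
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def global_settings(text):
    """Collect {keyword: [argument strings]} from lines before the first Match."""
    found = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                      # blank line or comment (starts with '#')
            continue
        key, value = m.group(1).lower(), m.group(2).strip()  # keywords are case-insensitive
        if key == "match":             # what follows is conditional, not global
            break
        found.setdefault(key, []).append(value)
    return found

def audit(text):
    """Return findings for the three points in the post; an empty list means all hold."""
    cfg, findings = global_settings(text), []
    root = cfg.get("permitrootlogin", [None])[0]   # sshd uses the first value it reads
    if root is None or root.lower() != "no":
        findings.append(f"PermitRootLogin is {root or 'unset'}, expected an explicit 'no'")
    users = [u for args in cfg.get("allowusers", []) for u in args.split()]
    if not users:
        findings.append("no global AllowUsers line: every account may log in over SSH")
    ports = [int(p) for p in cfg.get("port", [])] or [22]   # several Port lines are allowed
    for p in ports:
        if p in (22, 2222):
            findings.append(f"sshd listens on commonly scanned port {p}")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "ok")
```

The WEAK sample shows why order matters: the later "PermitRootLogin no" never takes effect, and an AllowUsers line inside a Match block does not restrict logins globally.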
 
 
 


  Post #2 (permalink)   07-01-2007, 10:23 AM
HD Addict
 
Join Date: May 2006
Posts: 129

Status: alemcherry is offline
These are simple, but very important and effective points. I used to get a log of attempted logins, and boy - it was really surprising.
 
 
 