How To secure ssh

Article Index
1. Change a default ssh port number
2. Allow only specific host to connect
3. Allow only specific users to login
4. Do not allow root ssh login

Here are a couple of ways to change your default sshd configuration settings to make the ssh daemon more secure / restrictive, thus protecting your server from unwanted intruders.

NOTE:

Every time you make changes in the sshd configuration file you need to restart sshd. Doing so will not close your current connections! Make sure that you have a separate terminal open with root logged in, in case you make a misconfiguration. This way you do not lock yourself out of your own server.

1. Change a default ssh port number

First, it is recommended to change your default port 22 to some other port number higher than 1024. Most port scanners do not scan ports higher than 1024 by default. Open the sshd configuration file /etc/ssh/sshd_config and find the line which says

Port 22

and change it to:

Port 10000

Now restart your sshd:

/etc/init.d/ssh restart

From now on you will need to log in to your server using the following command:

ssh -p 10000 name@myserver.local

2. Allow only specific host to connect

In this step we will impose some restrictions on which IP address a client can connect from via ssh to the server. Edit /etc/hosts.allow and add the line:

sshd: X

where X is the IP address of the host allowed to connect. If you wish to add more IP addresses, separate each IP address with " ".
Now deny all other hosts by editing the /etc/hosts.deny file and adding the following line:

sshd: ALL

3. Allow only specific users to login

Not every user on the system needs to use the ssh server facility to connect. Allow only specific users to connect to your server. For example, if user foobar has an account on your server and this is the only user who needs access to the server via ssh, you can edit /etc/ssh/sshd_config and add the line:

AllowUsers foobar

If you wish to add more users to the AllowUsers list, separate each user name with " ".

4. Do not allow root ssh login

It is always wise not to connect via ssh as the root user. You can enforce this idea by editing /etc/ssh/sshd_config and changing or creating the line:

PermitRootLogin no
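
The following script is an added example, not part of the original tutorial: it checks a configuration file for the settings from steps 1, 3 and 4 (step 2 lives in /etc/hosts.allow and /etc/hosts.deny and is not covered). The function names sshd_values and audit_sshd_config and the sample file are made up for this illustration.

```shell
#!/bin/sh
# Added example: audits an sshd_config for the settings from steps 1, 3 and 4.

# Print the global values of keyword $2 in file $1, one per line. Keywords are
# case-insensitive, and lines after the first "Match" only apply conditionally.
sshd_values() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept the "Keyword=value" form
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_sshd_config() {
    cfg=$1
    fails=0
    # Step 1: sshd listens on every Port line, and on 22 when there is none.
    ports=$(sshd_values "$cfg" Port)
    for p in ${ports:-22}; do
        if [ "$p" -le 1024 ]; then
            echo "FAIL: Port $p is not above 1024"; fails=$((fails + 1))
        fi
    done
    # Step 3: the allow-list needs at least one global AllowUsers line.
    if [ -z "$(sshd_values "$cfg" AllowUsers)" ]; then
        echo "FAIL: no AllowUsers line"; fails=$((fails + 1))
    fi
    # Step 4: sshd uses the first value it reads, so a later "no" does not count.
    root=$(sshd_values "$cfg" PermitRootLogin | awk 'NR == 1 { print tolower($1) }')
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: port changed, no AllowUsers, root login enabled before the "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 10000
permitrootlogin yes
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

Running sshd -t before the restart additionally checks the file for syntax errors, which helps with the lock-out risk mentioned in the note at the top.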

 
