SSH Security
#1

This is a little tutorial on SSH, I thought I would make my contribution ;)

 

The first trick is changing the SSH server's port and enforcing clients to use SSH protocol version 2. This can be accomplished simply by editing /etc/ssh/sshd_config

 



Code:
#Port 22
#Protocol 2,1




 

Delete the hashes '#'. Where Port has its number 22, set that to any number you want. Once you have changed the port you can simply delete the colon ',' also deleting the 1 so it should look like:

 



Code:
Port 22
Protocol 2




 

Now to enforce StrictModes. "StrictModes" is a setting to make sure that the transversal to the user's ssh settings are correctly set to non-writable modes and correct ownership so that access to the account is strictly enforced.

 

Edit /etc/ssh/sshd_config and you should see

 



Code:
#StrictModes yes




 

Delete the comment so that the SSH server will read it and enforce StrictModes.

 

Well, that's about it.

#2

nice..

 

I would suggest on top of those options.. these !

 



Code:
#stops possible escalation of user privileges
UsePrivilegeSeparation yes

#force a nice timeout
LoginGraceTime 600

#don't allow root logins (only allow wheel group users to su/sudo up)
PermitRootLogin no

#don't allow empty passwords
PermitEmptyPasswords no

#don't send the password in cleartext
PasswordAuthentication no




Reply
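An added example, not part of the original thread: a small Python audit that reads an sshd_config the way sshd does (commented lines ignored, keywords case-insensitive, first occurrence wins) and reports where it deviates from the settings suggested in posts #1 and #2. The sample config and the function names are constructed for illustration.

```python
import re

# Settings recommended in the two posts above, keyed by lowercase keyword.
RECOMMENDED = {
    "protocol": "2",
    "strictmodes": "yes",
    "useprivilegeseparation": "yes",
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
    "passwordauthentication": "no",
}

# Constructed sample config for the demo (not taken from a real host).
SAMPLE = """\
Port 2222
Protocol 2
#StrictModes yes
PermitRootLogin no
permitrootlogin yes
PermitEmptyPasswords no
PasswordAuthentication=yes
"""

def effective_settings(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out lines are never read by sshd
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # settings after Match apply conditionally, not globally
        settings.setdefault(key, value)  # first occurrence wins
    return settings

def audit(text):
    """Return (keyword, found, wanted) per deviation; found is None when the
    keyword is absent or commented out, so the built-in default applies."""
    eff = effective_settings(text)
    findings = [(k, eff.get(k), want) for k, want in RECOMMENDED.items()
                if (eff.get(k) or "").lower() != want]
    if eff.get("port", "22") == "22":
        findings.append(("port", eff.get("port"), "non-default"))
    return findings

if __name__ == "__main__":
    for key, found, wanted in audit(SAMPLE):
        print(f"{key}: found {found!r}, thread recommends {wanted}")
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, built-in defaults included, and is the authoritative check.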

