Monday, August 15, 2016

Securing SSH the Simple Way

Change the SSH port. Yes, it's not the best protection, but it helps.
The default port is 22; change it in /etc/ssh/sshd_config at the line Port 22.

Use SSH protocol version 2. Set it at the line Protocol 2.

Forbid root login through SSH.
In /etc/ssh/sshd_config, at the line PermitRootLogin yes, change yes to no.

Allow only specific users: AllowUsers UserName.

The SSH server can be set to listen only on a specific IP address with ListenAddress. Or you can use /etc/hosts.allow and /etc/hosts.deny to specify which IP addresses have access to specific services.
/etc/hosts.allow:
# enable access to all services for localhost
ALL: localhost
# enable access to all services for this IP address
ALL: 192.168.100.101
# enable access to the SSH server only from this IP address
sshd: 110.120.130.140

/etc/hosts.deny:
# forbid access to all services for this IP address
ALL: 10.13.14.15
# forbid access to the SSH server from this IP address
sshd: 100.101.102.103

Disable X11 forwarding: change X11Forwarding yes to no.

You can use an SSH key instead of a password.
How to do it: SSH Password-less Login - Using Key Authentication
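
To check an sshd_config against the settings listed above, here is an added example (not part of the original post) that reports which recommendations a file does not follow. The function names and the sample file are made up for illustration, and it assumes whitespace-separated `Keyword value` lines.

```sh
#!/bin/sh
# Added example, not from the original post.

# Print the value sshd would use for KEYWORD in the global section of FILE.
# Keywords are case-insensitive, the first occurrence wins, and anything
# after the first Match line applies only conditionally, so it is ignored.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit }
    ' "$1"
}

# Print one "WEAK:" line per recommendation from the post that FILE misses.
audit_sshd_config() {
    port=$(effective_value "$1" Port)
    proto=$(effective_value "$1" Protocol)
    root=$(effective_value "$1" PermitRootLogin)
    users=$(effective_value "$1" AllowUsers)
    x11=$(effective_value "$1" X11Forwarding)
    if [ "${port:-22}" = 22 ]; then echo "WEAK: Port is still 22"; fi
    if [ -n "$proto" ] && [ "$proto" != 2 ]; then echo "WEAK: Protocol is '$proto', not 2"; fi
    if [ "$root" != no ]; then echo "WEAK: PermitRootLogin is '${root:-unset}', not no"; fi
    if [ -z "$users" ]; then echo "WEAK: no global AllowUsers list"; fi
    if [ "$x11" = yes ]; then echo "WEAK: X11Forwarding is yes"; fi
    return 0
}

# Constructed sample: the second PermitRootLogin line and the AllowUsers line
# inside the Match block look safe but are not what sshd applies globally.
sample_config() {
    cat <<'EOF'
# constructed sample sshd_config
Protocol 2
permitrootlogin yes
PermitRootLogin no
X11Forwarding no
Match Address 192.168.100.101
    AllowUsers UserName
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd_config "$tmp"
rm -f "$tmp"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself resolves it, and `sshd -t` checks the file for syntax errors before you restart the service.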
