secure and restrict SSH access
Posted by hosein, 08-23-2007, 04:42 AM |
Hi,
1. How can I secure and restrict SSH access?
Thank You
|
Posted by macker, 08-23-2007, 04:52 AM |
Provide more detail about what you're trying to do.
|
Posted by hosein, 08-23-2007, 04:57 AM |
I only need a way to secure my SSH and harden it.
|
Posted by macker, 08-23-2007, 05:22 AM |
Change port to something other than 22, but still <1024. (Preferably a port that's not already listed in /etc/services, e.g. 922.)
Set the following options in /etc/ssh/sshd_config, if they aren't already:
Protocol 2
PermitRootLogin no
MaxAuthTries 2
PermitEmptyPasswords no
AllowUsers user1 user2 user3
For AllowUsers, this is if you have only specific users who should ever SSH in. You can also set up DSA keys, instead of passwords; search for "ssh dsa keys ssh-keygen" or run 'man ssh-keygen'.
SSH is very secure as-is. Your passwords may not be. Changing the port just reduces the number of automated scans that will try to dictionary-attack your passwords. DSA keys are like SSL certs, but for SSH; you have to have the key AND a password for it (two-factor authentication).
For most people, using strong passwords (at least 8 characters, letters, numbers and a symbol or two, and not based on a dictionary word) is sufficient, and changing the port cuts down on noise in the logs.
|
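The settings listed in the answer above can be checked against an existing sshd_config. The following is an added example, not part of the original thread: `parse_global`, `audit` and `SAMPLE` are hypothetical names, and the sample file is constructed. It relies on the sshd_config(5) rules that the first occurrence of a keyword wins and that lines after a Match line apply only conditionally.

```python
import re

# Settings from the post above (Port is checked separately).
RECOMMENDED = {"protocol": "2", "permitrootlogin": "no",
               "maxauthtries": "2", "permitemptypasswords": "no"}
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")  # keyword, separator, arguments

SAMPLE = """\
# constructed sample, not a real server's file
Port 922
protocol 2
PermitRootLogin no
PermitRootLogin yes
MaxAuthTries=6
AllowUsers user1 user2 user3
Match User user1
    PermitEmptyPasswords no
"""

def parse_global(text):
    """Return {keyword: [args]} for the lines before the first Match block.
    Keywords are case-insensitive; the first occurrence wins, except Port,
    where every line adds a listening port."""
    conf = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                      # blank line or '#' comment
            continue
        key, args = m.group(1).lower(), m.group(2).split()
        if key == "match":             # the rest applies conditionally
            break
        if key == "port" or key not in conf:
            conf.setdefault(key, []).extend(args)
    return conf

def audit(text):
    """List deviations from the post's settings; an empty list means none."""
    conf, findings = parse_global(text), []
    for p in conf.get("port", ["22"]):  # sshd listens on 22 when Port is unset
        if p == "22" or not (p.isdigit() and 0 < int(p) < 1024):
            findings.append(f"port {p}: post suggests a port below 1024 other than 22")
    for key, want in RECOMMENDED.items():
        got = " ".join(conf.get(key, [])).lower() or "unset"
        if got != want:
            findings.append(f"{key}: {got} in the global section, post suggests {want}")
    if not conf.get("allowusers"):
        findings.append("allowusers: no allow-list in the global section")
    return findings

print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -T` prints the effective configuration as sshd itself resolves it, which is the authoritative check.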