Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 06-03-2014, 03:15 PM   #1
Registered: May 2014
Location: Bristol, United Kingdom
Distribution: RHEL 5 & 6
Posts: 169

Rep: Reputation: Disabled
Securing SSH

Hey Guys,

Another quick question...

As some may know I'm re-sitting my RHCE Exam on Friday and I'm going through some studying to make sure I've got it all nailed.

My query is regarding the securing of SSH Connections. I know there are many ways to secure connections from SSH, so I'll list the few I know... but my question is, what is known as the best? I know that Redhat does not really mind how you do something as long as the outcome is what they require, so again this question is by no means exam related.. it's actually more for me. If I were to do this with my servers what would be best..

I know that we can;
  1. Create custom IPTABLE rules allowing SSH only from a certain source
  2. Edit the ssshd_config file and add a network to 'AllUsers'
  3. Set hosts.deny to ALL:ALL and then add ssh: x.x.x.x to hosts.allow
  4. Add ALL:ALL to hosts.allow and then restrict a certain network by adding sshd : x.x.x.x to deny a certain address

So there are a few ways of achieving the same or similar task.. but which is the industry standard *best practice* way of doing it?

Old 06-03-2014, 07:05 PM   #2
LQ Newbie
Registered: May 2009
Location: England, UK
Distribution: Ubuntu 16.04
Posts: 21

Rep: Reputation: 0
Also you might consider (if you haven't already, that is) having a good password or better still use RSA key authentication.

Running ssh on non-standard port. (Although in my opinion thats security through obscurity == not real security)

And then there are useful monitor stuff like fail2ban

Old 06-04-2014, 05:49 AM   #3
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,406

Rep: Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396
It really depends on the situation, not to mention you'd normally use more than one technique at the same time.
I'd definitely add setting 'PermitRootLogin no' in /etc/ssh/sshd_config
Old 06-04-2014, 06:00 AM   #4
Registered: May 2014
Location: Bristol, United Kingdom
Distribution: RHEL 5 & 6
Posts: 169

Original Poster
Rep: Reputation: Disabled
Hey guys,

Thanks for your responses.

If the requirement were simple to allow SSH to all bar the network

Would a sufficient solution be;

iptables -I INPUT -s -p tcp --dport 22 -j REJECT

I guess the point I'm making is that the above firewall rule would achieve the task in hand.. but is there a 'nicer' way of achieving that same goal?



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] securing ssh logins dinakumar12 Linux - Server 2 09-15-2010 01:40 AM
Securing SSH via Webmin scottt20 Linux - Server 3 01-28-2010 02:22 PM
Securing SSH ZilverZtream Linux - Security 5 12-10-2004 03:33 PM
securing ssh robberttheman Linux - Security 8 08-27-2004 07:36 AM
Securing SSH tarballedtux Linux - Security 3 11-16-2002 04:45 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 04:21 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration