LinuxQuestions.org
Old 04-21-2006, 01:36 PM   #1
cynick
LQ Newbie
 
Registered: Jul 2005
Posts: 13

Rep: Reputation: 0
allow SSH service securely


How do I best allow for an ssh access to my home desktop,
w/ minimum security risk?

1) what router would you recommend?
2) open port 33243 for example at the router and forward it to sshd port?
3) stronger username/password..

What else? Am I doing something wrong/ missing something?

Thanks,
Nick
 
Old 04-21-2006, 01:42 PM   #2
lucktsm
Member
 
Registered: May 2004
Location: Atlanta, GA USA
Distribution: Redhat ES4, FC4, FC5, slax, ubuntu, knoppix
Posts: 155

Rep: Reputation: 30
Cynick,

Make sure you configure the ssh server to only accept connections via sshv2. Moving it to a different port will help you as well. Another idea is to only allow the user ID or IDs you want to have access. In your sshd.conf you can put in either users or groups to have access.

Change your password frequently and make it a strong password. You can also look into using shared keys. However, I am not sure how to implement that.
 
Old 04-21-2006, 02:48 PM   #3
ralvez
Member
 
Registered: Oct 2003
Location: Canada
Distribution: ArchLinux && Slackware 10.1
Posts: 298

Rep: Reputation: 30
Another option, if you always use the same computer for remote connection, is to allow ssh access to the specific IP address of that workstation, so that it makes it all the more difficult for someone to access your machine via ssh ... unless they are cracking from your office.
 
Old 04-21-2006, 10:43 PM   #4
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 51
* make sure root login is disabled ("PermitRootLogin no" in sshd_config)
* if possible, disable passwords altogether and only use public keys
* install DenyHosts; packages exist on most distros
 
Old 04-21-2006, 11:22 PM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Take a look at the "man sshd_config" man page. The entries for AllowUsers and DenyUsers can be used to control who and from where a user can log in. There are also AllowGroups and DenyGroups entries which can be used if there are many users who are allowed to log in. You could make a new group and use it to control access, by only allowing members of the group to log in. This makes it easy to control who can and can't log in via ssh by controlling who is a member of this group. This config uses the "*" and "?" wild cards. At the very least, the system users should be listed in DenyUsers.

I'm not certain if the UsePAM option would affect this access control.

Last edited by jschiwal; 04-21-2006 at 11:59 PM.
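
An added example, not part of any post in this thread: a small Python check that reads an sshd_config and reports which of the settings recommended above (SSHv2 only, no root login, no password logins, an AllowUsers/AllowGroups restriction) are not in place. The two sample configs are constructed, the account name and client address are placeholders, and Match blocks and Include files are assumed out of scope.

```python
# Constructed sample: permissive settings.
WEAK = """\
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed sample: the thread's advice applied (user and address are placeholders).
HARDENED = """\
Port 33243
Protocol 2
PermitRootLogin no
PasswordAuthentication no
AllowUsers nick@192.0.2.10
"""

def effective(text):
    """Map each global keyword (lowercased) to its arguments; first one wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # conditional sections: not evaluated
            break
        settings.setdefault(key, parts[1:])
    return settings

def audit(text):
    """Return the recommendations from the thread that the config does not meet."""
    s = effective(text)
    first = lambda key, default: (s.get(key) or [default])[0].lower()
    findings = []
    # Assumption: no Protocol line means SSHv2 only, as in current OpenSSH.
    if "1" in first("protocol", "2").split(","):
        findings.append("Protocol allows SSHv1")
    if first("permitrootlogin", "unset") != "no":
        findings.append("PermitRootLogin is not 'no'")
    if first("passwordauthentication", "yes") != "no":
        findings.append("password logins are enabled")
    if not (s.get("allowusers") or s.get("allowgroups")):
        findings.append("no AllowUsers/AllowGroups restriction")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "meets the thread's recommendations")
```

On a release that still supports SSHv1, set the Protocol line explicitly rather than relying on the assumed default, and validate any edited file with `sshd -t` before restarting the service.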
 
  

