LinuxQuestions.org
Old 03-30-2005, 12:01 AM   #1
artofluke
Member
 
Registered: Sep 2003
Posts: 37

Rep: Reputation: 15
how do i secure sshd?


I'm running sshd so I can log in to my computer remotely, but I have absolutely no idea how to start securing it, and haven't taken any security measures... any ideas? Links?
 
Old 03-30-2005, 12:17 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
here's a couple basic things you can get started with...

make sure you only allow protocol 2 and don't allow root logins...

in your /etc/ssh/sshd_config:

Code:
Protocol 2

Code:
PermitRootLogin no

also, it's not a bad idea to run sshd on a non-default port so that spiders and script kiddies scanning for open 22/TCP ports don't run into you so easily... for example:

Code:
Port 2299

just my two cents...

Last edited by win32sux; 03-30-2005 at 12:19 AM.
 
Old 03-30-2005, 12:29 AM   #3
dalek
Senior Member
 
Registered: Jul 2003
Location: Mississippi USA
Distribution: Gentoo
Posts: 2,058
Blog Entries: 2

Rep: Reputation: 79
www.google.com/linux is a good friend. Proof:

http://www.linux.org/docs/ldp/howto/Security-HOWTO/

http://www.siliconvalleyccie.com/lin...ssh-server.htm

http://www.ibiblio.org/pub/Linux/doc...HOWTO.html#ssh

That should help a bit.

Later

 
Old 03-30-2005, 08:26 AM   #4
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 474

Rep: Reputation: 30
In your sshd_config file:


1) PermitRootLogin no

2) AllowUsers list_of_users_who_can_ssh

3) Use PublicKey authentication and disable pass auth.

PasswordAuthentication no
PermitEmptyPasswords no

4) StrictModes yes

5) Use Only protocol 2

6) Use iptables to restrict the IPs from where somebody can ssh to your server

7) Eventually run ssh on a port other than 22

8) You can also use port knocking ( www.portknocking.org )
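
As an added example (not code from any poster in this thread), the following Python script checks an sshd_config against the settings listed in post #4. The sample config and its user names are constructed; the script assumes a single file with no Include directives and reads only the global section before any Match block.

```python
import re

# Constructed sample config for this example, not taken from a real host.
SAMPLE_CONFIG = """\
Port 2299
Protocol 2
permitrootlogin no
# Two lines for one keyword: sshd uses the first value it reads.
PasswordAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
AllowUsers alice bob
"""

# Keyword -> value recommended in the thread (None = any explicit value).
RECOMMENDED = {
    "protocol": "2", "permitrootlogin": "no", "strictmodes": "yes",
    "passwordauthentication": "no", "permitemptypasswords": "no",
    "allowusers": None,
}

def parse_sshd_config(text):
    """Return {keyword: value} for the global section; first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.*)", raw)
        if not m:
            continue  # blank line, '#' comment, or keyword without a value
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break  # Match blocks hold conditional overrides, not global settings
        settings.setdefault(key, value)  # keywords are case-insensitive
    return settings

def audit(text):
    """Return {keyword: (status, value)}; status is 'ok', 'weak' or 'unset'."""
    found, report = parse_sshd_config(text), {}
    for key, want in RECOMMENDED.items():
        value = found.get(key)  # None: sshd falls back to its built-in default
        if value is None:
            status = "unset"
        else:
            status = "ok" if want in (None, value.lower()) else "weak"
        report[key] = (status, value)
    return report

if __name__ == "__main__":
    for key, (status, value) in audit(SAMPLE_CONFIG).items():
        print(f"{key:24} {status:6} {value}")
```

On a live host, `sshd -T` prints the effective configuration including defaults, which settles what the "unset" entries resolve to.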
 
Old 03-30-2005, 06:05 PM   #5
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
And keep your sshd up to date. Visit their site and see when new versions come out.
 
  

