Securing SSH

[WelshTom]

Securing SSH is vitally important. Here are a few simple steps which will help you secure SSH on your server.

The first thing you should do is change the port that SSH listens on. This will help prevent automated-hacking tools from trying to brute force their way into your server.

To do this, open your SSH client (Putty is recommended).

Login to your server.

At the command line, you need to go to /etc/ssh

To do this, type "cd /etc/ssh" and hit enter.

You then need to edit the SSH config file. To do this, type "vi sshd_config" at the command prompt.

You will then be presented with the SSH config, please be careful when editing this file - as if you break it, SSH can fail and you will not be able to access your server.

You need to look for the line which should look like the following:

Quote:

Port 22

To change the SSH port, simply hit the insert key on your keyboard, and change 22 to a port of your choice. Please make sure that you open the port in any firewall modules which you have installed, and that the port isn't already in use by some other application.

When you have changed the port number, simple hit escape on your keyboard, and then type ":wq" and hit enter. This will save the file and return you to the console.

When this is done, you'll need to restart SSH as follows:

"service sshd restart"

When I get a bit more time, I'll explain on how to disable Password Authentication, to make your server more secure.

[Rock]

Hey Tom

Here's a small one from me.. supporting/securing your views further...

Securing SSH (Secure Shell) :

It's a protocol which supports logging into a remote system or executing commands on a remote system, using an encrypted communication between the two systems. Hence securing it; itself is a method of securing the server

By default SSH runs on version 1 and allows direct root access to the system. In order to secure the server steps should be taken to disable direct root access within the sshd_config file and any user should be forced to use only protocol 2. Protocol 2 is more secure than 1.

Here's a simple procedure on getting this done quickly:

Quote:

1) vi /etc/ssh/sshd_config
2) Change Protocol 2,1 to Protocol 2
4) PermitRootLogin yes = no
5) Restart SSHD: /etc/rc.d/init.d/sshd restart

Note: Please make a backup of any files you modify, incase you change anything unexpectedly, restoring the system to the original state becomes easier

[Rock]

Further more, SSH can be resource hogger/intensive for your server too if not setup properly, in other words, it can use up all of your resources making the server unusable or rather taking the complete system down .. -

You can limit/prevent such applications and scripts to stay within the limits by setting up the "Shell Resource Limits" for the users.
You can configure shell resource limits in /etc/security/limits.conf on most Linux systems..

Note: Please make a backup of any files you modify, in case you change anything unexpectedly, restoring the system to the original state becomes easier...

[Scothorse]

Ouch, telling people to use vi is a dangerous move pico is more user firendly

[WelshTom]

Quote:

Originally Posted by Scothorse

Ouch, telling people to use vi is a dangerous move pico is more user firendly

lol - SSH is a CLI - it's not designed to be user-friendly - nor the stuff which runs on it

[Rock]

Quote:

Originally Posted by WelshTom

lol - SSH is a CLI - it's not designed to be user-friendly - nor the stuff which runs on it

Rightly said ! SSH isn't user friendly, but it's rather more powerful than the GUI mode..
My vote goes for SSH mode for sure.. It's been years I haven't touched GUI..

[eUKhost.com]

Quote:

Originally Posted by Scothorse

Ouch, telling people to use vi is a dangerous move pico is more user firendly

yes

Pico is more user friendly and less memory intensive. I'm the only person in our company who uses pico as all other staff members prefer only vi.