Ssh
This page contains notes and links on securely configuring SSH services. Unless an entry is described as a command, all entries below are lines in the config file.
The typical SSH configuration file is located at: /etc/ssh/sshd_config
To restart SSH after any config changes, run: /etc/init.d/sshd restart
disallow root logins
This should be done to prevent attackers from trying to guess the password of the root account. With root logins disabled, attackers need to guess not only a password but the username as well. If root logins are allowed, they already know the username (root).
PermitRootLogin no
allow only certain users to connect through ssh
If I want only the user "michael" to connect through SSH, I can add this line to the config file:
AllowUsers michael
force SSHv2 / do not allow SSHv1
Protocol 2
change the port number ssh listens on
Port 78
enable key-based logins
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
disable all password logins
This prevents brute-force password logins, because only key-based logins are accepted.
PasswordAuthentication no
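check a config against the settings above
The following is an added example, not part of the original notes: a small Python audit that reads sshd_config text and reports which of the lines from this page are missing or set differently. The names CHECKS, parse_global and audit and the sample config are made up for illustration, and Match blocks are not evaluated.

```python
# Added example: checks an sshd_config text against the lines on this page.
# Each check receives every value given for the keyword, in file order.
CHECKS = {
    "permitrootlogin": lambda vs: vs[0] == "no",
    "allowusers": lambda vs: any(vs),              # some explicit user list
    "protocol": lambda vs: vs[0] == "2",
    "port": lambda vs: "22" not in vs,             # Port may be given more than once
    "pubkeyauthentication": lambda vs: vs[0] == "yes",
    "passwordauthentication": lambda vs: vs[0] == "no",
}

def parse_global(text):
    """Return {keyword: [values]} for the lines before any Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()                 # keywords are case-insensitive
        if keyword == "match":                     # conditional blocks: out of scope
            break
        settings.setdefault(keyword, []).append(parts[1] if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return sorted findings; an empty list means every check passed."""
    settings = parse_global(text)
    findings = []
    for keyword, ok in CHECKS.items():
        values = settings.get(keyword)
        if values is None:
            findings.append(f"{keyword}: not set")
        elif not ok(values):
            findings.append(f"{keyword}: {values} differs from this page's setting")
    return sorted(findings)

# Constructed sample. sshd uses the first value it reads for a keyword, so the
# later "PasswordAuthentication no" does not take effect.
SAMPLE = """\
Port 22
PermitRootLogin yes
passwordauthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, the output of the command sshd -T (the configuration sshd actually applies) can be passed to audit() instead of the raw file.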
references
http://fosswire.com/2008/01/02/bullet-proof-your-server-2-ssh/
http://fosswire.com/2007/03/26/use-key-based-authentication-with-ssh/
