Saturday, December 5, 2020

SSH in RHEL 8

Configuring SSH
- Hardening the SSH server
- Using other useful sshd options
- Configuring Key-Based authentication with passphrases

Hardening the SSH Server
Dictionary attacks against SSH servers are common.
By default, the SSH server on a Linux system listens on port 22, and the system has a root account, so an attacker already knows both the port and a valid user name to try.

Fortunately, you can take some measures to protect SSH servers against these kinds of attacks:
- Disable root login
- Disable password login
- Configure a nondefault port for SSH to listen on
- Allow specific users only to log in on SSH

Limiting Root Access
Linux servers have root login enabled by default.
Disabling root login is easy.
- Modify the PermitRootLogin parameter in /etc/ssh/sshd_config
- Reload the service by running the systemctl reload servicename command
- Some services pick up changes only after a systemctl restart servicename command

To log in to a remote server using ssh, use one of these commands:
ssh user@servername
ssh -l user servername

Configuring Alternative Ports
An attacker can use a port scan to probe all 65,535 ports on a Linux server, but most port scans focus on well-known ports only, and SSH port 22 is always among them.
To protect against port scans, you can configure the SSH server to listen on another port.
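
The four hardening measures listed above can be checked against an existing sshd_config. The script below is an added example, not code from the original post: the function names and the sample configuration are constructed for illustration. It accounts for sshd keeping the first value of most keywords and treating Port lines as additive.

```sh
#!/bin/sh
# Added example: audit an sshd_config against the four measures listed above.

# Print every global value of a keyword, one per line. Keywords are
# case-insensitive; lines after the first "Match" apply only conditionally
# and are skipped. Assumes the "Keyword value" whitespace-separated form.
sshd_values() {  # usage: sshd_values FILE KEYWORD
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# For most keywords sshd keeps the FIRST value it reads, so later lines lose.
first_lc() { sshd_values "$1" "$2" | head -n 1 | tr 'A-Z' 'a-z'; }

report() {  # usage: report STATUS KEYWORD VALUE
    printf '%-4s %-22s %s\n' "$1" "$2" "${3:-<not set>}"
    [ "$1" = PASS ] || fails=$((fails + 1))
}

audit_sshd_config() {  # returns the number of findings as exit status
    cfg=$1; fails=0
    for kw in PermitRootLogin PasswordAuthentication; do
        v=$(first_lc "$cfg" "$kw")
        if [ "$v" = no ]; then report PASS "$kw" "$v"; else report FAIL "$kw" "$v"; fi
    done
    # Port lines are additive: sshd listens on every port listed.
    v=$(sshd_values "$cfg" Port | tr '\n' ' ')
    case " $v" in ' '|*' 22 '*) report FAIL Port "$v" ;; *) report PASS Port "$v" ;; esac
    v=$(sshd_values "$cfg" AllowUsers | tr '\n' ' ')
    if [ -n "$v" ]; then report PASS AllowUsers "$v"; else report FAIL AllowUsers ""; fi
    return "$fails"
}

# Constructed sample, not from a real host. The trailing "PermitRootLogin no"
# has no effect, and the second Port line keeps port 22 open.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2022
Port 22
PermitRootLogin yes
PasswordAuthentication no
AllowUsers alice bob
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

On RHEL 8 with SELinux enforcing, a nondefault port also has to be labelled ssh_port_t (semanage port -a -t ssh_port_t -p tcp PORT, where PORT is the chosen port) and opened in firewalld before sshd is reloaded. Running sshd -t before the reload catches syntax errors in the edited file.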
