Friday, June 6, 2014

On 10:23 PM by Unknown
Secure Shell (SSH) is widely used by network administrators to control Web and other kinds of servers remotely. The UNIX-based command interface and protocol can also be used to tunnel your traffic, transfer files, mount remote file systems, and much more. OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol. To put it simply, it's an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. Here are 5 tips to secure your OpenSSH server. 


1. Change your default SSH port

Here's how you can do this:

# nano /etc/ssh/sshd_config 
Port 2222

Now, while connecting SSH remotely:

# ssh -p 2222 root@192.168.1x.1xx

2. Disable default root access through SSH

Use a non-root account for SSH and then switch to the root account (su -). Here's how you can do this:

# nano /etc/ssh/sshd_config 
PermitRootLogin no

3. Disable password-based authentication

Use public/private key pairs only instead. Here's how you can do this:

# nano /etc/ssh/sshd_config 
PasswordAuthentication no 

4. Allow/deny specific users/groups

By default, the SSH server allows all users to log in to the server. You can of course change that:

- Allow specific users:

# nano /etc/ssh/sshd_config 
AllowUsers sks xyz

- Deny specific users:

# nano /etc/ssh/sshd_config 
DenyUsers sks xyz

- Allow specific groups:

# nano /etc/ssh/sshd_config 
AllowGroups sks xyz

- Deny specific groups:

# nano /etc/ssh/sshd_config 
DenyGroups sks xyz

5. Restrict SSH to a specific network interface

This is particularly useful for servers that have one interface connected directly to the internet and another on the LAN. Here's how you can do this:

# nano /etc/ssh/sshd_config 
ListenAddress 192.168.10.100
ListenAddress 127.0.0.1 
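
To check that all five settings actually took effect, the following added example (not part of the original post) audits sshd_config text against the tips above. It accounts for two sshd_config behaviours that make a file look safer than it is: for single-valued keywords the first value obtained wins, and a Match block can override the global section. The sample config and the function names are constructed for illustration.

```python
# Added example: audit sshd_config text against the five tips on this page.
MULTI = {"port", "listenaddress", "allowusers", "allowgroups", "denyusers", "denygroups"}
MUST_BE_NO = {"permitrootlogin": 2, "passwordauthentication": 3}  # keyword -> tip

# Constructed sample (not from a real host): the global section follows all
# five tips, but a Match block re-enables passwords for one user.
SAMPLE = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
AllowUsers sks xyz
ListenAddress 192.168.10.100
ListenAddress 127.0.0.1
Match User backup
    PasswordAuthentication yes
"""

def parse(text):
    """Split sshd_config text into global settings and Match-block overrides."""
    glob, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, val = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            match = val
        elif match is not None:
            overrides.append((match, key, val))
        elif key in MULTI:
            glob.setdefault(key, []).extend(val.split())  # repeated lines add up
        else:
            glob.setdefault(key, val)  # first obtained value wins
    return glob, overrides

def audit(text):
    """Return findings; an empty list means all five tips hold everywhere."""
    glob, overrides = parse(text)
    out = []
    if "22" in glob.get("port", ["22"]):
        out.append("tip 1: sshd listens on the default port 22")
    for key, tip in MUST_BE_NO.items():
        if glob.get(key, "").lower() != "no":
            out.append(f"tip {tip}: {key} is not 'no' in the global section")
    if not any(k in glob for k in ("allowusers", "allowgroups", "denyusers", "denygroups")):
        out.append("tip 4: no Allow*/Deny* restriction on users or groups")
    addrs = glob.get("listenaddress", [])
    if not addrs or any(a in ("0.0.0.0", "::") or a.startswith(("0.0.0.0:", "[::]")) for a in addrs):
        out.append("tip 5: sshd listens on all interfaces")
    for crit, key, val in overrides:
        if key in MUST_BE_NO and val.lower() != "no":
            out.append(f"Match {crit}: {key} {val} overrides the global setting")
    return out
```

Calling audit(SAMPLE) reports only the Match block, since the global section passes every check. After editing the real file, running sshd -t checks it for syntax errors before you restart the daemon.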
