Linux Remote Networking over the Internet (part 3)
Nov 10, 2009, 20:33
(Other stories by Carla Schroder)
"Hardening the OpenSSH Server for Password Logins
"This is easy, just changing a few lines in /etc/ssh/sshd_config:

    Port 2022
    PermitRootLogin no
    AllowUsers [usernames or groups separated by spaces]
    ListenAddress 192.168.1.1
    ClientAliveInterval 3600

"Remember to restart sshd whenever you change the configuration
file. Specifying an alternate port reduces brute-force login
attempts by a lot. Yes, everyone knows that this option is
available, and no, it wouldn't be very hard to script brute-force
attacks to scan for the open SSH port. But they don't, and a side
benefit is it cuts down the clutter considerably in your logfiles.
You must select an unused port, which you can find in
/etc/services. Be sure to enter your alternate SSHD port in this
file so you don't forget.
"Never ever permit a root login over the Internet. If you need
root privileges, log in as an ordinary user and then su or sudo
after logging in. (In the next installment in this series I'll show
you how to restrict sudo to specific commands.)"
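
The following check is an added example, not code from the quoted article or from this page. It audits an sshd_config-style file for the Port, PermitRootLogin and AllowUsers settings in the excerpt and tests a candidate port against a services file. The function names, user names and sample files are constructed, and it assumes plain whitespace-separated "Keyword value" lines with no Match or Include directives.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed for illustration.

# Print the first value set for keyword $1 in file $2. sshd uses the first
# value it obtains for a keyword, and keywords are case-insensitive.
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Succeed if TCP port $1 already has an entry in services file $2.
port_listed() {
    awk -v p="$1/tcp" '$1 !~ /^#/ && $2 == p { found = 1 } END { exit !found }' "$2"
}

# Print one FAIL line per missing recommendation; return 0 only if none fail.
audit_sshd() {
    cfg=$1 rc=0
    port=$(sshd_value Port "$cfg")
    root=$(sshd_value PermitRootLogin "$cfg")
    users=$(sshd_value AllowUsers "$cfg")
    [ -n "$port" ] && [ "$port" != 22 ] || { echo "FAIL Port: '${port:-unset}', sshd stays on 22"; rc=1; }
    [ "$root" = no ] || { echo "FAIL PermitRootLogin: '${root:-unset}', want 'no'"; rc=1; }
    [ -n "$users" ] || { echo "FAIL AllowUsers: no user restriction set"; rc=1; }
    return $rc
}

# Constructed sample input: the excerpt's settings, a stock-style file, and a
# two-line services file.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'Port 2022' 'PermitRootLogin no' 'AllowUsers alice bob' \
    'ListenAddress 192.168.1.1' 'ClientAliveInterval 3600' > "$tmp/hardened"
printf '%s\n' '#Port 22' 'PermitRootLogin yes' > "$tmp/stock"
printf '%s\n' 'ssh 22/tcp' 'exampled 2222/tcp' > "$tmp/services"
for f in hardened stock; do
    if audit_sshd "$tmp/$f"; then echo "$f: OK"; else echo "$f: needs work"; fi
done
p=$(sshd_value Port "$tmp/hardened")
if port_listed "$p" "$tmp/services"; then echo "port $p is already assigned"; else echo "port $p is not listed"; fi
```

On a live system, point audit_sshd at /etc/ssh/sshd_config and port_listed at /etc/services, and run sshd -t to validate the syntax before restarting sshd.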