OpenSSH is a service designed for remote management, so configuring it securely is mandatory. Here are some useful tricks to make your OpenSSH safer. They all use options from the main configuration file of the OpenSSH service, which in most distributions is at /etc/ssh/sshd_config.
1) Turn off permission to log in to the root account directly (most Linux distributions have this option set to on). After this, you can reach the root account from a user account with the su command or the sudo command. Make sure that your system allows the specified users to use su. Sometimes it is required to add your user account to the wheel group.
2) Configure the OpenSSH service to use an alternate port instead of the default (22) to protect it from automated programs that attempt to guess a password.
3) Use a non-standard user name instead of your own name or something like admin, admins, operator, etc. There is no objection to a login that looks similar to a password (for example: jgnair134).
4) Use the AllowUsers directive to specify the only users who can log in over the SSH protocol.
5) Use public key based authentication instead of PasswordAuthentication; however, you must be vigilant to avoid losing your private key.
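The five settings above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit of the global section of an sshd_config. The function names, the check names, port 2222 and the user "backup" are assumptions made for illustration, and Include files and Match blocks are not evaluated.

```python
# Constructed sample configurations; Port 2222 and the user "backup" are made up.
WEAK = """\
Port 22
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
"""
HARDENED = """\
Port 2222
PermitRootLogin no
AllowUsers jgnair134
PubkeyAuthentication yes
PasswordAuthentication no
"""

def parse_global(text):
    """Map lowercased keyword -> list of values, stopping at the first Match block."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        if keyword == "match":
            break  # conditional blocks are outside this simple audit
        cfg.setdefault(keyword, []).append(parts[1].strip() if len(parts) > 1 else "")
    return cfg

def audit(text):
    """Return the names of the failed checks, in the order of items 1) to 5)."""
    cfg = parse_global(text)
    def first(keyword, default):  # sshd uses the first value obtained for a keyword
        return cfg.get(keyword, [default])[0].lower()
    failed = []
    if first("permitrootlogin", "unset") != "no":
        failed.append("root-login")
    if "22" in cfg.get("port", ["22"]):  # Port may be given several times
        failed.append("default-port")
    if "allowusers" not in cfg:
        failed.append("no-allowusers")
    if first("passwordauthentication", "yes") != "no":  # sshd default is yes
        failed.append("password-auth")
    if first("pubkeyauthentication", "yes") == "no":  # sshd default is yes
        failed.append("pubkey-disabled")
    return failed
```

In WEAK the later "PermitRootLogin no" line has no effect because the earlier "permitrootlogin yes" is read first, so audit(WEAK) still reports root-login. On a live host, `sshd -T` prints the effective configuration, which also covers Include files and defaults.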