
My technical corner about Linux, Perl, programming, computer networks and network security


Secure configuration of OpenSSH

OpenSSH is a service designed for remote management, hence configuring it securely is mandatory. I show some useful tricks to make your OpenSSH safer. I will describe options from the main configuration file of the OpenSSH service; in most distributions it is located at /etc/ssh/sshd_config

1) Turn off the permission to log in to the root account directly (most Linux distributions have this option set to on). After this, you can get to the root account from a user account with the su command or the sudo command. Make sure that your system allows the specified users to use su. Sometimes it is required to add your user account to the wheel group.

PermitRootLogin no

2) Configure the OpenSSH service to use an alternate port instead of the default (22) to keep it away from the automated attempts performed by bots

Port 12312

3) Use a non-standard user name instead of your own name or something like: admin, admins, operator, etc. There is nothing wrong with a login that looks like a password (for example: jgnair134). Of course, don't use the same string for the password as for the login (hopefully your PAM configuration does not allow this anyway)

4) Use the AllowUsers directive to specify the only users who can log in over the SSH protocol

AllowUsers jgnair134

5) Use public key based authentication instead of password authentication (PasswordAuthentication); however, you must be careful not to lose your private key.

PasswordAuthentication no
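
The four directives above can be checked together. The following is an added example, not code from the original post: a small auditor for sshd_config text that keeps the first value of a keyword (as sshd does), stops at the first Match block, and does not follow Include files. The defaults it falls back on are the upstream OpenSSH ones and are an assumption, since distributions may change them; the function names and the sample are constructed.

```python
# Assumed upstream defaults for absent keywords (distributions may differ).
DEFAULTS = {"permitrootlogin": ["prohibit-password"], "port": ["22"],
            "passwordauthentication": ["yes"], "allowusers": []}
MULTI = {"port", "allowusers"}  # keywords that may legitimately repeat

def parse_global(text):
    """Return {keyword: [values]} for the global section (before any Match)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key, values = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":
            break  # later lines are conditional, not global
        if key in MULTI:
            seen.setdefault(key, []).extend(values)
        elif key not in seen:
            seen[key] = values  # sshd keeps the first value it reads
    return seen

def audit(text):
    """Return a list of findings; an empty list means all four checks pass."""
    cfg = {**DEFAULTS, **parse_global(text)}
    findings = []
    if cfg["permitrootlogin"][:1] != ["no"]:
        findings.append("PermitRootLogin is not 'no'")
    if "22" in cfg["port"]:
        findings.append("sshd still listens on port 22")
    if not cfg["allowusers"]:
        findings.append("AllowUsers is not set")
    if cfg["passwordauthentication"][:1] != ["no"]:
        findings.append("PasswordAuthentication is not 'no'")
    return findings

# Constructed sample: the second PermitRootLogin line is ignored, and the
# Match block does not change the global PasswordAuthentication setting.
SAMPLE = """\
# constructed sample, not a real host
Port 12312
PermitRootLogin yes
PermitRootLogin no
AllowUsers jgnair134
Match Address 192.0.2.0/24
    PasswordAuthentication no
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live host, `sshd -t` checks the file for syntax errors and `sshd -T` prints the effective configuration, which is the authoritative view before restarting the service.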
