OpenSSH is a service designed for remote management, so configuring it securely is mandatory. Here are some useful tricks to make your OpenSSH safer. I describe options from the main configuration file of the OpenSSH service; in most distributions it is located at /etc/ssh/sshd_config
1) Turn off the permission to log in to the root account directly (most Linux distributions have this option set to on). After this, you can reach the root account from a user account with the su command or the sudo command. Make sure your system allows the specified users to use su. Sometimes you are required to add your user account to the wheel group.
2) Configure the OpenSSH service to use an alternate port instead of the default (22) to protect it from automated attempts performed by bots.
3) Use a non-standard user name instead of your own name or something like admin, admins, operator, etc. There is no objection to a login that looks similar to what a password usually looks like (for example: jgnair134). Of course, don't use the same string for the password as for the login (hopefully your PAM configuration does not allow this).
4) Use the AllowUsers directive to specify the only users who can log in over the SSH protocol.
5) Use public key based authentication instead of PasswordAuthentication; however, you must be vigilant not to lose your private key.
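The checklist above can be verified against a configuration file; the following is an added example, not code from the original post, that audits the global section of an sshd_config for items 1, 2, 4 and 5. It assumes upstream OpenSSH defaults for absent keywords, does not follow Include files or evaluate Match blocks, and the sample configuration and function names are constructed for illustration.

```python
# Added example: audit the global part of an sshd_config against the checklist.
SAMPLE_CONFIG = """\
# constructed sample, not taken from a real host
Port 22
PermitRootLogin yes
#PasswordAuthentication no
AllowUsers jgnair134
Match User backup
    PasswordAuthentication yes
"""

# Assumed values when a keyword is absent (upstream OpenSSH defaults).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes"}
MULTI = {"port", "allowusers"}   # keywords that may be given several times

def effective_settings(text):
    """Parse global settings; for single-valued keywords the first value wins."""
    single, multi = {}, {k: [] for k in MULTI}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or comment
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":                # conditional blocks are not evaluated
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in MULTI:
            multi[key].extend(value.split())
        else:
            single.setdefault(key, value)
    settings = {k: single.get(k, d) for k, d in DEFAULTS.items()}
    settings["port"] = multi["port"] or ["22"]
    settings["allowusers"] = multi["allowusers"]
    return settings

def audit(text):
    """Return one finding per checklist item that the configuration misses."""
    s, findings = effective_settings(text), []
    if s["permitrootlogin"].lower() != "no":
        findings.append("PermitRootLogin is '%s', expected 'no'" % s["permitrootlogin"])
    if "22" in s["port"]:
        findings.append("sshd listens on the default port 22")
    if not s["allowusers"]:
        findings.append("AllowUsers is not set, so any account may log in")
    if s["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication is enabled")
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("PubkeyAuthentication is disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FAIL:", finding)
```

On a live host, the output of `sshd -T` gives the settings the daemon actually resolved and can be fed to the same checks.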