Author: Steven Neiland
Published:

Warning: This blog entry was written two or more years ago. Therefore, it may contain broken links, out-dated or misleading content, or information that is just plain wrong. Please read on with caution.

One of the first security holes you should close on a new Linux server is the ssh login. There are three steps I follow to secure it.

Warning 1: These steps alone are not enough to secure your server; they only make attacking it slightly more difficult.

Warning 2: Altering your ssh service can cause it to stop functioning. Only change the ssh configuration if you have console access to the machine to fix anything that goes wrong.

Step 1: Disable Root Login over SSH

Our first step is to block direct login as root over ssh. This forces users to log in as a non-root user and then 'su' to root-level privilege. This adds an extra layer of security, as any cracker who does manage to brute force your user password must then crack the root password.

To disable the root login over ssh we edit the 'sshd_config' file located at '/etc/ssh/sshd_config'. Locate and uncomment the line 'PermitRootLogin yes' and change the value to 'no'.

# uncomment this line and change to 'no'
#PermitRootLogin yes
PermitRootLogin no

Step 2: Change the SSH Listen Port

Most attacks against ssh are carried out by robots that target port 22, which is a well-known port number. By moving your ssh port from the standard port 22 you can block most automated break-in attempts.

To change the listen port we again edit the '/etc/ssh/sshd_config' file. Locate the line which contains 'Port 22' and change it to some other unused port number.

# uncomment this line and change to our new ssh port number
#Port 22
Port 1234

On some versions of Linux this line will be commented out. This simply means that the system is using the default value, which again is port 22, so we simply uncomment the line and change our port number.

Step 3: Disable "Protocol 1"

On most recent Linux releases 'Protocol 1' will be disabled by default for ssh. However, it is still good practice to check. Open up the sshd_config file and look for the 'Protocol' line. Ensure it is uncommented and reads 'Protocol 2'.

# change this to ensure only Protocol 2 is used
#Protocol 2,1
Protocol 2

Restart the SSH service

Finally, our last step is to restart ssh to put our changes into effect.

/etc/rc.d/rc.sshd restart
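
A check for the three settings above, best run against the edited file before the restart. This is an added example, not code from the original post; the function names are hypothetical, and it assumes whitespace-separated 'Keyword value' lines and only looks at the global section before any 'Match' block.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the three steps above.
# sshd keywords are case-insensitive and commented-out lines have no effect.

# effective_value FILE KEYWORD -> first uncommented global value, or nothing
effective_value() {
    awk -v key="$2" '
        $1 ~ /^#/                   { next }   # comment: default stays in effect
        tolower($1) == "match"      { exit }   # conditional section starts here
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# all_ports FILE -> every uncommented global Port value (Port may repeat)
all_ports() {
    awk '
        $1 ~ /^#/              { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port"  { print $2 }
    ' "$1"
}

# audit_sshd FILE -> prints findings, returns the number of failed checks
audit_sshd() {
    fails=0
    root=$(effective_value "$1" PermitRootLogin)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is '${root:-unset}' (want 'no')"
        fails=$((fails + 1))
    fi
    ports=$(all_ports "$1")
    # No Port line at all means the default, port 22, is in use.
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "FAIL sshd still listens on port 22"
        fails=$((fails + 1))
    fi
    # Follows the post: the Protocol line must be uncommented and read 2.
    proto=$(effective_value "$1" Protocol)
    if [ "$proto" != "2" ]; then
        echo "FAIL Protocol is '${proto:-unset}' (want '2')"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK all three checks passed"
    return "$fails"
}

# Constructed sample: the commented-out "before" lines shown in the steps.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' '#Port 22' '#Protocol 2,1' > "$sample"
audit_sshd "$sample" || echo "failed checks: $?"
rm -f "$sample"
```

Running 'sshd -t' before the restart also checks the file for syntax errors without restarting the daemon, which helps avoid the lockout described in Warning 2.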


Reader Comments

malek
Saturday, October 27, 2012 at 8:10:47 AM EDT

Thank you.
May you continue to secure the daemon :)

malek
