Linux and UNIX Systems Configuration Help, How To, Tutorial and Basic Information

How To Secure an SSH Connection
Thursday, 03 December 2009 12:51

This how-to helps you create a secure connection via SSH between your UNIX and Linux systems. All examples are written for Red Hat based systems. We also assume that you already have the OpenSSH server installed and running; if not, do these steps:

Install the OpenSSH server

yum install openssh-server
/etc/init.d/sshd start

First, locate the configuration files you will be editing:

  • SSH server configuration file - /etc/ssh/sshd_config
  • TCP Wrappers access control configuration - /etc/hosts.allow and /etc/hosts.deny
  1. Choose a strong password - A weak password defeats every other setting below; use a long, non-dictionary passphrase for every account that may log in over SSH.
  2. Install "DenyHosts" to auto-block bad clients - The denyhosts daemon watches the /var/log/secure log file for invalid SSH login attempts and, once a configurable threshold is crossed, blocks the offending client by adding it to /etc/hosts.deny. Install it, enable it at boot and start it; the defaults in /etc/denyhosts.conf are good, but you can edit them:
    yum install denyhosts
    chkconfig denyhosts on
    /etc/init.d/denyhosts start
  3. Change the default port - Edit /etc/ssh/sshd_config with your favorite text editor and change the line that reads "Port 22" to any other unused port. This only cuts down automated scans and log noise; it is not a substitute for the settings below. On a system with SELinux enforcing, also add the new port to the ssh_port_t type with semanage port, or sshd will not be allowed to bind it.
    #Port 22
    Port 2223
  4. Disable Protocol 1, which is insecure, and allow only Protocol 2:
    #Protocol 2,1
    Protocol 2
  5. Disable root login - Log in as a regular user and use su or sudo instead:
    #PermitRootLogin yes
    PermitRootLogin no
  6. Allow only specific users to log in - For example, to allow only the users "john" and "jack" and users whose names start with "ge" to log in, add this line to sshd_config (once an AllowUsers line is present, every user not listed is refused):
    AllowUsers john jack ge*
  7. Allow only specific IP addresses to connect - Restrict which hosts may reach sshd at all with TCP Wrappers (Red Hat's sshd is built with libwrap, so it honours these files directly). /etc/hosts.allow is consulted before /etc/hosts.deny, so the default policy must first be set to deny: edit /etc/hosts.deny and add the following line:
    sshd: ALL
    Then add the networks and hosts you want to allow to /etc/hosts.allow, for example:
    sshd: 192.168.2.0/255.255.255.0
    sshd: 10.0.10.0/255.255.255.0
    sshd: 141.32.69.102
    A net/mask pair matches when the client address ANDed with the mask equals the network, so the network part must be consistent with the mask: an entry such as 10.0.10.0/255.0.0.0 can never match any client (10.0.10.0 AND 255.0.0.0 is 10.0.0.0, not 10.0.10.0) and silently locks out the network it was meant to admit.
  8. Allow only users with keys to connect; no passwords allowed - Generate a key pair with ssh-keygen, copy the public key into ~/.ssh/authorized_keys on the server and confirm that key login works before making this change, or you will lock yourself out. Then, in sshd_config, set:
    PasswordAuthentication no
    On Red Hat systems sshd runs with UsePAM yes, and PAM's keyboard-interactive method can still accept a password, so also set:
    ChallengeResponseAuthentication no
  9. Bind the ssh server to a specific network interface - If the machine has several addresses, let sshd listen only on the one meant for administration. Edit sshd_config:
    ListenAddress 192.168.2.12

After every change, check the file with sshd -t and restart the server with /etc/init.d/sshd restart; keep your current session open until a new login succeeds.
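The whole procedure above, as an added shell example that is not part of the original page: the functions apply the tutorial's sshd_config settings (steps 3 to 9) to a file idempotently, read back the value sshd would actually use, and check tcpwrappers net/mask pairs of the kind written to /etc/hosts.allow in step 7. The port 2223, the user list "john jack ge*" and the address 192.168.2.12 are the tutorial's example values; the FILE argument is assumed to be a copy of /etc/ssh/sshd_config that you diff and install by hand, and the sample configuration at the bottom is constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original page: apply the tutorial's
# sshd_config settings (steps 3 to 9) to a configuration file idempotently,
# read them back, and sanity-check tcpwrappers "net/mask" pairs of the kind
# written to /etc/hosts.allow in step 7. The port, user list and address are
# the tutorial's example values; FILE is assumed to be a copy of
# /etc/ssh/sshd_config that you diff and install by hand afterwards.

# set_sshd_option FILE KEY VALUE
# Rewrite the first "Key ..." or "#Key ..." line (stock Red Hat files ship the
# defaults commented out) as "Key VALUE", drop later duplicates so sshd cannot
# pick up a stale value, and append the option if it occurs nowhere. Keywords
# match case-insensitively, as sshd reads them. Caveats: a free-text comment
# that begins with the keyword is rewritten too, and appending assumes the
# file has no trailing Match block (stock files of this era have none).
set_sshd_option() {
    local file=$1 key=$2 value=$3
    awk -v key="$key" -v value="$value" '
        tolower($0) ~ ("^[ \t]*#?[ \t]*" tolower(key) "([ \t]|$)") {
            if (!done) { print key " " value; done = 1 }
            next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$file.tmp" && cat "$file.tmp" > "$file" && rm -f "$file.tmp"
    # cat-over rather than mv keeps the file's owner and 0600 mode
}

# get_sshd_option FILE KEY
# Print the value sshd would use: the first uncommented occurrence wins.
get_sshd_option() {
    awk -v key="$2" '
        tolower($1) == tolower(key) { $1 = ""; sub(/^ /, ""); print; exit }
    ' "$1"
}

# harden_sshd_config FILE
# ChallengeResponseAuthentication is turned off as well: with UsePAM yes
# (the Red Hat default) keyboard-interactive login can still accept a
# password when only PasswordAuthentication is disabled.
harden_sshd_config() {
    local file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    set_sshd_option "$file" Port 2223
    set_sshd_option "$file" Protocol 2
    set_sshd_option "$file" PermitRootLogin no
    set_sshd_option "$file" AllowUsers 'john jack ge*'
    set_sshd_option "$file" PubkeyAuthentication yes
    set_sshd_option "$file" PasswordAuthentication no
    set_sshd_option "$file" ChallengeResponseAuthentication no
    set_sshd_option "$file" ListenAddress 192.168.2.12
}

# ip2int A.B.C.D -> the address as an unsigned 32-bit integer
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# hosts_access(5): a "net/mask" pair matches a client when net == (addr & mask).
# netmask_rule_ok NET MASK -> 0 if the pair can match anything at all. For
# 10.0.10.0/255.0.0.0, 10.0.10.0 & 255.0.0.0 is 10.0.0.0, never 10.0.10.0,
# so such an entry matches nobody and the network it was meant for is locked out.
netmask_rule_ok() {
    local net mask
    net=$(ip2int "$1"); mask=$(ip2int "$2")
    [ $(( net & mask )) -eq "$net" ]
}

# addr_matches_rule ADDR NET MASK -> 0 if tcpwrappers would match ADDR.
addr_matches_rule() {
    local addr net mask
    addr=$(ip2int "$1"); net=$(ip2int "$2"); mask=$(ip2int "$3")
    [ $(( addr & mask )) -eq "$net" ]
}

# Stand-alone demo on a constructed, stock-looking config and on three
# hosts.allow entries (the broken mask beside the one the tutorial meant).
tmp=$(mktemp)
printf '#Port 22\n#Protocol 2,1\n#PermitRootLogin yes\nPasswordAuthentication yes\nUsePAM yes\n' > "$tmp"
harden_sshd_config "$tmp"
cat "$tmp"
rm -f "$tmp"
for rule in 192.168.2.0/255.255.255.0 10.0.10.0/255.0.0.0 10.0.10.0/255.255.255.0; do
    if netmask_rule_ok "${rule%/*}" "${rule#*/}"; then
        echo "ok:     sshd: $rule"
    else
        echo "BROKEN: sshd: $rule (net and mask disagree; matches no client)"
    fi
done
```

Run it against a copy (cp -p /etc/ssh/sshd_config /tmp/sshd_config.new; harden_sshd_config /tmp/sshd_config.new), diff the result against the live file, and only then install it and run sshd -t. The net/mask check is worth running over every line of /etc/hosts.allow whenever the file changes, because an inconsistent pair does not produce an error anywhere; it just never matches.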
 

Comments

#1 Gevorg 2009-12-04 09:31
Good Job. Thanks


Thanks to David Ayvazyan for the useful information and discussions.
www.gnu.am (Armenian Translation)