Escolar Documentos
Profissional Documentos
Cultura Documentos
com
Originally published on
LinuxTechLab.com
Hi Linux-fanatics, in this tutorial we will be discussing some ways with which we make
our ssh server more secure. OpenSSH is currently used by default to work on servers as
physical access to servers is very limited. We use ssh to copy/backup files/folders, to
remotely execute commands etc. But these ssh connections might not be as secure as
we believes & we must make some changes to our default settings to make them more
secure.
Here are steps needed to secure our ssh sessions,
Enable Protocol 2
SSH protocol 1 had man in the middle attack issues & other security issues as well, all
these issues were addressed in Protocol 2. So protocol 1 must not be used at any cost.
To change the protocol , open your sshd_config file & change the following parameter
Protocol 2
Note:- If using firewall, open the port on your firewall & we must also change the
SELinux settings if using a custom port for ssh. Run the following command to update
the SELinux label
$ semanage port -a -t ssh_port_t -p tcp 15000
Limit IP access
If you have an environment where your server is accessed by only limited number of IP
addresses, you can also allow access to those IP addresses only. Open sshd_config file &
enter the following with your custom port
Port 15000
ListenAddress 192.168.1.100
ListenAddress 192.168.1.115
Now ssh session will only be available to these mentioned IPs with the custom port
15000.
So, this completes our tutorial on securing your ssh server. If having any doubts or
issues, please leave a message in the comment box below.
If you think we have helped you or just want to support us, please consider these :-
Connect to us: Facebook | Twitter | Google Plus
LinuxTechLab.com