[TUT] How to secure your SSH server
Hello,
OK, bear with me here because this is my first tutorial.

Ok, let's start.

First, find the configuration file for your SSH server.
It would normally be located in /etc/ssh/sshd_config.
Then follow these rules:

#1 Don't allow root to log in remotely. So change "PermitRootLogin yes" to "PermitRootLogin no".

#2 Limit the users or groups that can log in remotely. If these lines are not there, just add them to the text file.

AllowUsers me
AllowGroups mygroup
DenyUsers fuckface
DenyGroups fuckfacegroup

#3 Allow only Protocol 2. Protocol 1 is less secure.

Protocol 2

#4 Change the default port 22 to something higher like 2222

Port 2222

Those are the basic steps on making your SSH server a lot more secure. You could also add a firewall to know who is trying to connect to you. I use FireStarter because it is easy to use and quite user friendly. It blocks out all connections that I have not allowed through. Here is the link to the site: http://www.fs-security.com/

Hope this helped.
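
The four rules from the tutorial above can be checked mechanically. The script below is an added example, not part of the original post: the function names and both sample configs are constructed for illustration, and it only reads the global section of one file (no Include files, no Match blocks).

```python
import re

# "Keyword value" or "Keyword=value"; keywords are case-insensitive in sshd_config.
LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")

def parse_global(text):
    """Return {keyword: [values]} for everything before the first Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out setting
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break  # conditional blocks are out of scope for this check
        settings.setdefault(key, []).append(value)
    return settings

def audit(text):
    """Return a list of findings against rules #1 to #4 of the tutorial."""
    s, findings = parse_global(text), []
    root = s.get("permitrootlogin")
    if root is None:
        # The built-in default differs between OpenSSH versions, so ask for an explicit line.
        findings.append("PermitRootLogin not set explicitly")
    elif root[0].lower() != "no":  # sshd uses the first value it reads
        findings.append(f"PermitRootLogin is '{root[0]}', expected 'no'")
    if "allowusers" not in s and "allowgroups" not in s:
        findings.append("no AllowUsers/AllowGroups allow-list")
    proto = s.get("protocol")
    if proto and "1" in re.split(r"\s*,\s*", proto[0]):
        findings.append("Protocol 1 is enabled")
    # Every Port line adds a listener; with no Port line sshd listens on 22.
    if "22" in s.get("port", ["22"]):
        findings.append("listening on default port 22")
    return findings

# Constructed sample inputs.
WEAK = "PermitRootLogin yes\nProtocol 2,1\n#Port 2222\n"
HARDENED = "PermitRootLogin no\nAllowUsers me\nAllowGroups mygroup\nProtocol 2\nPort 2222\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

To check a real server, pass the contents of its sshd_config to audit().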
Okay, remote logon is a must. What if you need to access it from your computer or when you're at work? You can't always reboot. You can get get_swap_space errors all the time and your server will just fill up.
Port is a good idea, just one thing. For the love of all that is good, don't use your birthday date or your birth year.
LOL, yes of course, that is like the stupidest thing. I normally just use 2222.
How about using SSH keys instead of a password?
Ya, I thought about writing that but..... It is a bit complicated for normal users. This was a basic tut.