Securing SSH in Linux Servers

SSH security has to be taken care when Linux server is up and running. Most administrators tend to install an SSH server and leave it at its default settings, typically to allow password authentication and root logins . There are few parameters in /etc/ssh/sshd_config which can be changed to securing SSH.

Open /etc/ssh/sshd_config and add the below line

PermitRootLogin no

Limit SSH protocol to version 2 as version 1 is not secure

Protocol 2

Prevent SSH from setting up TCP port and X11 forwarding

AllowTcpForwarding no
X11Forwarding no

Check the StrictModes directive is enabled which checks file permissions and ownerships of some important files in the user’s home directory like ~/.ssh, ~/.ssh/authorized_keys etc. If any checks fail, the user won’t be able to login.

StrictModes yes

Ensure that all host-based authentications are disabled. These methods should be avoided as primary authentication.

IgnoreRhosts yes
HostbasedAuthentication no
RhostsRSAAuthentication no

After changing any directives make sure to restart the sshd daemon:

/etc/init.d/sshd restart

Allow SSH connections only from  admin networks. Exclude User networks. This article help you to disables Hosts and Groups to SHH

About Sandeep kalathil

Iam a System Engineer working in Cochin , Interested in Linux and Windows servers and happy to share knowledge that i have gained through my day to day work.

Check Also

Update timthumb.php to prevent Zero Day vulnerability

Recently many sites are infected with timthumb script vulnerability.  Its a Zero Day vulnerability inside image …