Mailing List Archive



Re: [tlug] openssh on Centos 5.2



On 8/19/2009 11:47 AM, Sotaro Kobayashi wrote:
For me, I definitely need the openssh-server package
as secured as possible by hardening the remote root access.

So,

[root@example.com sumtec]# chkconfig --level 3 sshd on


If you really want to harden remote root access you should disable SSH root login and limit authentication to a password-protected key only.

     PermitRootLogin no
     PubkeyAuthentication yes
     AuthorizedKeysFile      .ssh/authorized_keys
     PasswordAuthentication no

I've also found that simply changing the SSHd listen port from 22 to an ephemeral port stopped all SSH brute force attempts. I guess the SSH bots prefer scanning port 22 on a range of IPs over scanning a range of ports on an IP.

Kyle
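
One way to check an sshd_config file against the settings in the message above, added here as an example and not part of the original post. The function names `sshd_effective` and `audit_sshd_config` are hypothetical, the sample file is constructed, and treating an unset directive as a failure is this example's own policy. It reads only the global section (before any `Match` block) and relies on sshd using the first value it obtains for each keyword.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the settings from the message.
# sshd keeps the FIRST value it reads for a keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".

# Print the first global value of keyword $2 in file $1 (lowercased).
sshd_effective() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                 # comment line
        NF == 0    { next }                 # blank line
        { key = tolower($1) }
        key == "match" { exit }             # global section ends here
        key == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if all three directives are explicitly set as in the message.
audit_sshd_config() {
    file=$1
    rc=0
    for pair in PermitRootLogin=no PubkeyAuthentication=yes PasswordAuthentication=no; do
        key=${pair%%=*}
        expected=${pair#*=}
        actual=$(sshd_effective "$file" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key $actual"
        else
            echo "FAIL  $key ${actual:-<unset>} (want $expected)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the early "yes" wins over the "no" added further down.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "config does not match the hardened settings"
rm -f "$sample"
```

To audit a live system, call `audit_sshd_config /etc/ssh/sshd_config` and restart sshd after correcting any line it flags.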

