Re: [tlug] openssh on Centos 5.2

[Sotaro Kobayashi <sotarokob@example.com>]

Kyle Hasegawa wrote:
> On 8/19/2009 11:47 AM, Sotaro Kobayashi wrote:
>   
> > For me, I definately need the openssh-server package
> > as secured as possible by hardening the remote root access.
> >
> > So,
> >
> > [root@example.com sumtec]# chkconfig --level 3 sshd on
> >
> >    
> >     
>
> If you really want to harden remote root access you should disable SSH 
> root login and limit authentication to a password protected key only.
>
>       PermitRootLogin no
>       PubkeyAuthentication yes
>       AuthorizedKeysFile      .ssh/authorized_keys
>       PasswordAuthentication no
>
> I've also found that simply changing the SSHd listen port form 22 to an 
> ephemeral port stopped all SSH brute force attempts.  I guess the SSH 
> bots prefer scanning port 22 on a range of IPs over scanning a range of 
> ports on an IP.
>
> Kyle
>
>   
Hi,   

Yes, these are just my favourite hardening configuration in

/etc/ssh/sshd_config

Additionaly, the UK Linux Format journal was suggesting that
we could use fail2ban package in the last month edition.

For me, I do not like using GUI
for server performance.

Runlevel 3 is enough.

Regards

Sotaro