Mailing List Archive



Re: [tlug] openssh on Centos 5.2



Kyle Hasegawa wrote:
On 8/19/2009 11:47 AM, Sotaro Kobayashi wrote:
For me, I definitely need the openssh-server package
as secured as possible by hardening the remote root access.

So,

[root@example.com sumtec]# chkconfig --level 3 sshd on


If you really want to harden remote root access you should disable SSH root login and limit authentication to a password-protected key only.

      PermitRootLogin no
      PubkeyAuthentication yes
      AuthorizedKeysFile      .ssh/authorized_keys
      PasswordAuthentication no

I've also found that simply changing the SSHd listen port from 22 to an ephemeral port stopped all SSH brute force attempts. I guess the SSH bots prefer scanning port 22 on a range of IPs over scanning a range of ports on an IP.

Kyle

Hi,
Yes, these are just my favourite hardening configuration in

/etc/ssh/sshd_config

Additionally, the UK Linux Format journal was suggesting that
we could use the fail2ban package in last month's edition.

For me, I do not like using GUI
for server performance.

Runlevel 3 is enough.

Regards

Sotaro
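
An added example, not part of the original messages: a small Python check that reads an sshd_config and reports where the global settings differ from the values Kyle lists. It relies on sshd keeping the first value it obtains for a keyword; the function names and the sample file are constructed for illustration, and the parser does not follow Include directives.

```python
import re

# Values recommended in the message above (keywords lower-cased for comparison).
WANTED = {
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
}

def effective_globals(text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd keeps the first value it sees for a keyword, so later duplicates
    are ignored. Parsing stops at the first Match block, whose settings
    only apply conditionally.
    """
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        seen.setdefault(key, value)  # first occurrence wins
    return seen

def audit(text):
    """Return a list of (keyword, found, wanted) for settings that differ."""
    conf = effective_globals(text)
    findings = []
    for key, wanted in WANTED.items():
        found = conf.get(key)  # None means unset: built-in default applies
        if found is None or found.lower() != wanted:
            findings.append((key, found, wanted))
    return findings

# Constructed sample: looks hardened at a glance, but is not.
SAMPLE = """\
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Match User backup
    PasswordAuthentication no
"""
```

Calling `audit(SAMPLE)` flags `PermitRootLogin` (the earlier `yes` wins over the later `no`) and `PasswordAuthentication` (set only inside a Match block, so it is unset globally).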

