Before making any changes to the SSH configuration, keep your existing session open and do not close or kill any connection: if the new configuration locks you out, that open session is your way back in to make emergency changes.
The primary file we need to edit is:
/etc/ssh/sshd_config
A leading # in this file marks a commented-out line that shows the default value. In each snippet below the commented line is the default and the line under it is the new value to set.
SSH is a vital tool for any administrator, but it is also a frequent target of attacks, and some of those succeed only because the system runs the default configuration, which makes the attacker's job easier. The point of this article is to change the obvious default values and remove unnecessary access.
The basic rule of scanning is to look first at the common ports; for SSH that is port 22. The fix is to run the server on another port above 1024. This only hides the service from casual scans of well-known ports (a full port scan will still find it), so treat it as noise reduction rather than protection.
#Port 22
Port 1520
SSH has two protocol versions, 1 and 2. Protocol 1 is old and insecure by now, so to save ourselves future problems we disable it and allow only the current version, protocol 2. (Recent OpenSSH releases no longer support protocol 1 at all; on those the directive is redundant.)
#Protocol 2,1
Protocol 2
The root account has no need to be reachable from the Internet; instead, create a regular user and escalate to root locally when needed. The benefit is obvious: instead of guessing a single password, an attacker now has to guess two, the user's and root's.
First of all we have to deny direct access to the root account.
#PermitRootLogin yes
PermitRootLogin no
Automated attacks benefit from default configurations such as a high number of allowed invalid attempts, so we limit the number of failed attempts per connection before the server drops it and the client has to connect again.
#MaxAuthTries 6
MaxAuthTries 2
Now let's limit the number of unauthenticated connections the SSH server will handle at the same time. Making the number smaller than the default of 10 makes it harder for an attacker to coordinate an attack over multiple connections. The value has three fields, start:rate:full: once the number of pending unauthenticated connections reaches the first, sshd refuses new ones with a probability given by the second (a percentage), and that probability rises linearly to 100% when the third is reached.
#MaxStartups 10
MaxStartups 2:40:8
By default the SSH server holds an unauthenticated connection open for 2 minutes, which is a long time on the Internet; 30 seconds is more than enough time to log in (a value without a unit suffix is in seconds).
#LoginGraceTime 2m
LoginGraceTime 30
SSH keys are far more secure than passwords; if you use keys, it is a good idea to disable password login altogether. Install your public key and confirm that a key-based login works from a second session before turning passwords off.
#PasswordAuthentication yes
PasswordAuthentication no
This may seem basic, but it genuinely makes the attacker work for it. Remember to always restart the service afterwards so the new settings take effect; validate the edited file first with sshd -t so a typo does not leave you with a server that will not start (on systemd-based systems the equivalent of the command below is systemctl restart sshd).
/etc/init.d/sshd restart
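The following script is an added example and is not part of the original article: it audits an sshd_config file against the seven values recommended above and reports which ones are still at a weak setting, so you can check a host before (and after) restarting the service. It assumes only the global section matters (parsing stops at the first Match block), that directives use the "Keyword value" spelling rather than "Keyword=value", and that the defaults applied when a keyword is absent are the ones shown in the commented lines above. The sample configs it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article: audit an sshd_config file
# against the values recommended in the article. It reads a file path, so
# it can be pointed at /etc/ssh/sshd_config or at a constructed sample.
# Assumptions: only the global section is checked (parsing stops at the
# first Match block) and directives use "Keyword value", not "Keyword=value".

# Print the effective value of a keyword. sshd uses the FIRST uncommented
# occurrence of each keyword, so the commented "#Port 22" defaults are
# skipped and a later duplicate does not override an earlier one.
effective_value() {
    _file=$1
    _key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$_key" '
        /^[[:space:]]*#/       { next }          # comment line
        NF == 0                { next }          # blank line
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key     { print $2; exit }
    ' "$_file"
}

# Compare one keyword against the recommended value. $3 is the default sshd
# applies when the keyword is absent (taken from the article's commented lines).
check_setting() {
    _value=$(effective_value "$1" "$2")
    [ -z "$_value" ] && _value=$3
    if [ "$_value" = "$4" ]; then
        printf 'OK   %-22s %s\n' "$2" "$_value"
        return 0
    fi
    printf 'FAIL %-22s is %s, recommended %s\n' "$2" "$_value" "$4"
    return 1
}

# Run every check and return the number of settings still at a weak value.
audit_sshd_config() {
    _fails=0
    check_setting "$1" Port                   22  1520   || _fails=$((_fails + 1))
    check_setting "$1" Protocol               2,1 2      || _fails=$((_fails + 1))
    check_setting "$1" PermitRootLogin        yes no     || _fails=$((_fails + 1))
    check_setting "$1" MaxAuthTries           6   2      || _fails=$((_fails + 1))
    check_setting "$1" MaxStartups            10  2:40:8 || _fails=$((_fails + 1))
    check_setting "$1" LoginGraceTime         2m  30     || _fails=$((_fails + 1))
    check_setting "$1" PasswordAuthentication yes no     || _fails=$((_fails + 1))
    return "$_fails"
}

# Constructed sample: a config edited as the article recommends. The
# trailing duplicate MaxAuthTries shows that sshd keeps the first value.
write_hardened_sample() {
    cat > "$1" <<'EOF'
# Constructed sample, not a real host's config
#Port 22
Port 1520
#Protocol 2,1
Protocol 2
#PermitRootLogin yes
PermitRootLogin no
MaxAuthTries 2
MaxStartups 2:40:8
LoginGraceTime 30
PasswordAuthentication no
MaxAuthTries 6
EOF
}

# Constructed sample: stock file where every directive is still commented out.
write_default_sample() {
    cat > "$1" <<'EOF'
#Port 22
#Protocol 2,1
#PermitRootLogin yes
#MaxAuthTries 6
#MaxStartups 10
#LoginGraceTime 2m
#PasswordAuthentication yes
EOF
}

# Audit a real file when a path is given. Run "sshd -t" on the edited file
# before restarting the service so a syntax error cannot lock you out.
if [ $# -gt 0 ]; then
    audit_sshd_config "$1"
fi
```

Run it as `sh audit.sh /etc/ssh/sshd_config`; the exit status is the number of directives that still differ from the recommendations, so it can gate a deployment step. Because sshd honours the first occurrence of a keyword, the audit deliberately does the same rather than taking the last line, which is the mistake a quick grep would make.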