Secure The Default SSH Configuration

SSH is a secure protocol used for system administration, tunneling and anything else that benefits from an encrypted channel. Because it is so important on a system, attackers make it a priority when scanning for open ports. Raising the bar starts with common sense: avoid short passwords and common user names like “user” on a system exposed to the Internet. The location of the OpenSSH configuration may vary depending on the Linux distribution you are using, but the fundamentals remain the same.

  • In the snippets below, a line starting with # shows the previous (default) value; the line under it is the new setting.

Improve the default configuration

On Debian based distributions the OpenSSH server configuration can be found at:


Attackers usually scan for common or default ports, and SSH listens on port 22. To cut down the number of failed attempts logged on a system, move the service to a port above 1024. This only reduces noise from automated scanners; a targeted attacker will find the port with a full port scan, so treat it as a convenience, not a security control.

#Port 22
Port 1520

OpenSSH can offer two protocol versions, SSH1 and SSH2. All you need to know is that SSH1 is insecure, so select protocol 2 only. Current OpenSSH releases have dropped SSH1 entirely; there the directive is harmless but no longer needed.

#Protocol 2,1
Protocol 2

The root account has no need to be reachable from the Internet; create a regular user and grant it privileges through sudo instead. You do not want to hand the attacker a nuke. Deny root logins over SSH, and confirm the other account can log in and escalate before you do, or you lock yourself out of the box.

#PermitRootLogin yes
PermitRootLogin no

Automated attacks benefit from default configurations, such as allowing a high number of invalid attempts on a single connection. Limit the number of failed attempts before the server drops the connection and forces the client to reconnect. Note that every public key a client offers counts as an attempt, so a user whose agent holds several keys may need to pin the right one with IdentitiesOnly and IdentityFile in the client configuration.

#MaxAuthTries 6
MaxAuthTries 2

Now let’s limit the number of unauthenticated connections the SSH server will handle at the same time. Lowering the default of 10 makes it harder for an attacker to coordinate an attack over many parallel connections. The value has the form start:rate:full. With 2:40:8 the server begins refusing 40% of new unauthenticated connections once 2 are pending, the refusal probability rises linearly from there, and once 8 are pending every new connection is dropped. Pick the numbers with your own administrators in mind: several of them connecting at once must still get through.

#MaxStartups 10
MaxStartups 2:40:8

By default the SSH server holds an unauthenticated connection open for 2 minutes, which is a long time on the Internet; 30 seconds is more than enough to log in.

#LoginGraceTime 2m
LoginGraceTime 30

SSH keys are far more secure than passwords; do not run the risk of an attacker guessing your password. Disable password authentication and allow access with SSH keys only. Install and test your key first, and keep the current session open while you confirm a fresh login from a second terminal, because once this takes effect a missing key means no way in.

#PasswordAuthentication yes
PasswordAuthentication no

This may seem basic, but it gives the attacker a real run for their money. Before restarting, check the file for mistakes with sshd -t, which prints nothing when the configuration is valid. Then restart OpenSSH for the changes to take effect (on Debian the init script is called ssh rather than sshd).

/etc/init.d/sshd restart
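
As an added example (not part of the original page), the following Python script audits an sshd_config text against the settings discussed above. The thresholds are this page's recommendations rather than OpenSSH defaults, the values assumed for unset keywords are the commented-out defaults shown above, and the two sample configurations at the bottom are constructed for the demonstration.

```python
"""Added example (not from the original page): audit an sshd_config text for
the directives discussed above. Thresholds follow the page's advice; the
values assumed for unset keywords are the commented-out defaults on the page."""

import re

# Values sshd is assumed to fall back to when a keyword is absent.
DEFAULTS = {
    "port": "22",
    "protocol": "2",  # current OpenSSH releases only speak SSH2
    "permitrootlogin": "yes",
    "maxauthtries": "6",
    "maxstartups": "10:30:100",
    "logingracetime": "2m",
    "passwordauthentication": "yes",
}


def parse_sshd_config(text):
    """Map each keyword (lower-cased) to its first value.

    sshd uses the first occurrence of a keyword, so later duplicates are
    ignored. Comments are skipped and parsing stops at the first Match
    block, whose settings only apply conditionally.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2 and key not in effective:
            effective[key] = parts[1].strip()
    return effective


def to_seconds(value):
    """Convert sshd time values such as 30, 30s, 2m or 1h to seconds."""
    units = {"s": 1, "m": 60, "h": 3600}
    if value[-1] in units:
        return int(value[:-1]) * units[value[-1]]
    return int(value)


def audit_sshd_config(text):
    """Return a list of findings; an empty list means the page's advice is met."""
    cfg = dict(DEFAULTS)
    cfg.update(parse_sshd_config(text))
    findings = []
    if cfg["port"] == "22":
        findings.append("Port 22: a non-default port cuts scanner noise but is not a security control")
    if "1" in cfg["protocol"].split(","):
        findings.append("Protocol %s: SSH1 is offered, set Protocol 2" % cfg["protocol"])
    if cfg["permitrootlogin"] != "no":
        findings.append("PermitRootLogin %s: set it to no and log in as an unprivileged user" % cfg["permitrootlogin"])
    if int(cfg["maxauthtries"]) > 3:
        findings.append("MaxAuthTries %s: lower it (each public key the client offers counts as one try)" % cfg["maxauthtries"])
    if int(cfg["maxstartups"].split(":")[0]) >= 10:
        findings.append("MaxStartups %s: start dropping unauthenticated connections earlier, e.g. 2:40:8" % cfg["maxstartups"])
    if to_seconds(cfg["logingracetime"]) > 60:
        findings.append("LoginGraceTime %s: 30 seconds is enough to authenticate" % cfg["logingracetime"])
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication %s: disable it once SSH keys are installed and tested" % cfg["passwordauthentication"])
    return findings


# Constructed sample configs: the page's old defaults and its hardened values.
WEAK_CONFIG = """\
Port 22
Protocol 2,1
PermitRootLogin yes
MaxAuthTries 6
MaxStartups 10
LoginGraceTime 2m
PasswordAuthentication yes
"""

HARDENED_CONFIG = """\
#Port 22
Port 1520
Protocol 2
PermitRootLogin no
MaxAuthTries 2
MaxStartups 2:40:8
LoginGraceTime 30
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(text) or ["ok"])
```

To check a live server rather than a file, feed the script the output of sshd -T, which prints the effective value of every keyword in lower case; the parser lower-cases keywords, so the same function works on both.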

MotoQ Report

My Internet service provider, with whom I have bundled all of my services, was offering a great deal on wireless. The choice seemed to narrow down to the MotoQ. After I received the phone my next task was to set up my e-mail account and SSH client, with only minor problems. The SSH client seems a bit slow, but the ability to do a quick fix is better than nothing. My e-mail account is with my web hosting provider; as of now I have no push e-mail, instead the phone syncs with the account every 15 minutes.

If you are getting a Windows Mobile 5 device you should know that there are no document editing capabilities unless you buy a third party application from Dataviz; only Windows Mobile 6 has editing capabilities by default. There is a free solution for document editing on WM5: someone ported the editing functions from WM6 to WM5 and it is available as a .CAB file.

One piece of software that I have become addicted to is Google Maps, which can find pretty much any business or location and displays the results in such detail that you are bound to become addicted. For those of you who are into managing your money and want some type of visual access there is Pocket Quicken; I find the application very expensive for a mobile app, it even costs more than the desktop one. In conclusion I’m pleased with the phone, but not with Pocket Quicken, which cannot sync when Desktop Quicken is open. Also, for some reason Windows Mobile 5 will not kill applications after they are closed; I have to kill them manually, otherwise the phone becomes a bit slow.

What’s needed

  • Organizer
  • e-mail
  • SSH
  • Document editing
  • Money management

Third party software loaded onto the MotoQ

  • Google Maps
  • Pocket Quicken
  • Zatelnet
  • Office 6

File Recovery With Photorec

Recovering files after an accidental erase or format should not be that hard. I use a tool called PhotoRec; it works wonders and will even recover files that had been deleted earlier, because it carves files by their signatures rather than trusting the file system. I decided to use a USB flash drive for testing because it is only 128MB, which makes the recovery faster; the bigger the storage space, the longer it takes to recover the files. One feature I like in PhotoRec is the choice between searching the entire medium or only for specific formats. Also be prepared to sort through the results, because the software will recover previously deleted files too, which I always find amazing. Write the recovered files to a different drive, never to the one you are recovering from, or you overwrite what you are trying to get back. For more information on PhotoRec visit their site.

Testing equipment

128MB flash drive, 2 JPEG pictures and my desktop. The flash drive was formatted to simulate an accidental erase.


  • Start PhotoRec; a console window appears.
  • Choose the device, which is represented as /dev/sdc 123 MB, and hit enter.
  • The next screen asks for the partition table type; the most common one in this case is Intel/PC partition, then hit enter.
  • In the 3rd screen choose the 2nd option, which is represented as partition FAT32. You can use the right arrow to go to [options] or [file opt]; in this case I don’t find it necessary.
  • In the 4th screen we specify the file system; choose the 2nd option, FAT/NTFS/HFS+/ReiserFS/.
  • 5th screen: choose the 2nd option [ Whole ]; we are going to extract all files from the medium.
  • 6th screen: tell PhotoRec where the results will be saved (a location on another disk); remember you have to press y/n.
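
To show why a quick format does not stop this kind of recovery, here is an added example (not part of the original page, and not PhotoRec's code) of a miniature signature carver. It builds a constructed flash-drive image in memory with a fake FAT metadata area, "formats" it by wiping only that metadata, and then recovers the pictures from their JPEG start and end markers alone, including one that models a file deleted before the format. The JPEG payloads are constructed stand-ins; only the markers matter to the carver.

```python
"""Added example (not from the original page): a miniature signature carver
of the kind PhotoRec is. It builds a constructed flash-drive image, performs
the quick format from the test above (only file system metadata is rewritten)
and recovers the pictures from their byte signatures alone."""

SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"   # start of image followed by the first marker byte
JPEG_EOI = b"\xff\xd9"       # end of image


def fake_jpeg(payload):
    """Constructed stand-in for a JPEG: SOI, a JFIF APP0 header, payload, EOI.
    The payload must not contain FF D9, which would end the file early."""
    return b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + payload + JPEG_EOI


def build_medium(files, size=4 * 1024 * 1024):
    """Lay files out sector-aligned behind a fake metadata area (boot sector,
    FAT and root directory in sectors 0-31), the way a FAT volume places data.
    Returns the image and the offset of each file."""
    image = bytearray(size)
    image[0:SECTOR] = b"FAKE BOOT SECTOR".ljust(SECTOR, b"\0")
    offset = 32 * SECTOR
    offsets = []
    for data in files:
        image[offset:offset + len(data)] = data
        offsets.append(offset)
        sectors = -(-len(data) // SECTOR)          # ceiling division
        offset += (sectors + 1) * SECTOR           # one slack sector between files
    return image, offsets


def quick_format(image):
    """A quick format rewrites only the file system structures. Data sectors
    keep their old contents, which is what makes recovery possible."""
    image[0:32 * SECTOR] = bytes(32 * SECTOR)
    return image


def full_wipe(image):
    """Overwriting the whole medium is what actually destroys the data."""
    image[:] = bytes(len(image))
    return image


def carve_jpegs(image, max_size=1 << 20):
    """Scan the whole medium (PhotoRec's [ Whole ] option) for JPEG start
    markers and cut each file at its end marker. Returns (offset, data) pairs."""
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start < 0:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end < 0:                      # truncated, or not really a JPEG
            pos = start + 1
            continue
        found.append((start, bytes(image[start:end + len(JPEG_EOI)])))
        pos = end + len(JPEG_EOI)
    return found


def recovery_demo():
    """Two current pictures plus one deleted long before the format. Deleting
    on FAT only marks the directory entry, so its data sectors are intact and
    the carver returns it too; that is why the results need sorting."""
    pictures = [fake_jpeg(b"picture one " * 40),
                fake_jpeg(b"picture two " * 250),
                fake_jpeg(b"deleted long ago " * 5)]
    image, offsets = build_medium(pictures)
    quick_format(image)
    recovered = carve_jpegs(image)
    assert [off for off, _ in recovered] == offsets
    assert [data for _, data in recovered] == pictures
    return recovered


if __name__ == "__main__":
    for offset, data in recovery_demo():
        print("recovered %d bytes at offset %d" % (len(data), offset))
```

The same logic applied to a real drive image (for example one taken with dd) finds any JPEG whose sectors have not been reused; only a full overwrite, as in full_wipe, removes them, which is the point to remember when disposing of media.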

Back Up And Install The Cisco IOS Image

In order to back up the IOS you need a TFTP server; SolarWinds offers a free TFTP server. If you don’t know which IOS image the router is running, use the show flash command.

Router#show flash
System flash directory:
File Length Name/status
1 3289170 d1206.bin
[3289236 bytes used, 905068 available, 4194304 total]
4096K bytes of processor board System flash (Read/Write)


From the console in privileged EXEC mode enter the copy flash tftp command. When prompted, enter the source file name and the IP address of the TFTP server, and press Enter to accept the default destination name (typing y there would save the file on the server as a file named y). Afterwards compare the size of the file on the TFTP server with the Length shown by show flash.

Router#copy flash tftp
Source filename []? d1205.bin
Address or name of remote host []?
Destination filename [d1205.bin]?
3289170 bytes copied in 47.668 secs (69982 bytes/sec)


To install an IOS from a TFTP server use the copy tftp flash command. When prompted, enter the IP address of the TFTP server containing the image. The router offers to erase flash first because the new image does not fit beside the old one (905068 bytes available, 3289170 needed). From the moment flash is erased until the copy finishes the router has no IOS, so make sure the TFTP transfer works (completing the backup above is a good test), keep console access ready, and compare the checksum the router reports (or the output of verify /md5 on releases that support it) with the value Cisco publishes before reloading.

Router#copy tftp flash
Address or name of remote host []?
Source filename []? d1206.bin
Destination filename [d1206.bin]?
Accessing tftp://
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device… eeeeeeeeeeeeeeee …erased
Erase of flash: complete
Loading d1206.bin from (via Ethernet0): !!!!!!!!!!!!!!!!!!
[OK - 3289170/6578176 bytes]
Verifying checksum… OK (0xB6BD)
3289170 bytes copied in 89.272 secs (36956 bytes/sec)
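
As an added example (not part of the original page), the following Python helpers parse the show flash listing and the copy summary shown above so the two checks mentioned in the text can be scripted: whether a new image fits without erasing the old one, and whether the byte count reported by the backup matches the file length in flash. The sample texts are taken from the page; the function names are this example's own.

```python
"""Added example (not from the original page): parse 'show flash' and the
'copy' summary shown above to decide, before answering the 'Erase flash'
prompt, whether the new image fits next to the old one, and to check that
a backup copied the whole file."""

import re

# Constructed from the 'show flash' listing on the page.
SHOW_FLASH = """\
System flash directory:
File Length Name/status
1 3289170 d1206.bin
[3289236 bytes used, 905068 available, 4194304 total]
4096K bytes of processor board System flash (Read/Write)
"""

# Last line of the 'copy flash tftp' transcript on the page.
COPY_LINE = "3289170 bytes copied in 47.668 secs (69982 bytes/sec)"


def parse_show_flash(text):
    """Return {'files': [(name, length)], 'used': n, 'available': n, 'total': n}."""
    files = re.findall(r"^\s*\d+\s+(\d+)\s+(\S+)\s*$", text, re.M)
    summary = re.search(r"\[(\d+) bytes used, (\d+) available, (\d+) total\]", text)
    if not summary:
        raise ValueError("no usage summary in show flash output")
    return {
        "files": [(name, int(length)) for length, name in files],
        "used": int(summary.group(1)),
        "available": int(summary.group(2)),
        "total": int(summary.group(3)),
    }


def fits_without_erase(show_flash_text, new_image_size):
    """True if the new image fits in free flash, so the old image can stay in
    place as a fallback until the new one has been verified."""
    return parse_show_flash(show_flash_text)["available"] >= new_image_size


def backup_is_complete(copy_line, expected_length):
    """Compare the byte count reported by 'copy flash tftp' with the Length
    that 'show flash' lists for the file (also check the size on the server)."""
    m = re.match(r"(\d+) bytes copied", copy_line)
    return bool(m) and int(m.group(1)) == expected_length


if __name__ == "__main__":
    info = parse_show_flash(SHOW_FLASH)
    name, length = info["files"][0]
    print("%s is %d bytes, %d bytes free" % (name, length, info["available"]))
    print("fits without erase:", fits_without_erase(SHOW_FLASH, length))
    print("backup complete:", backup_is_complete(COPY_LINE, length))
```

With the page's numbers the first check is false, which is exactly why the router asks to erase flash before copying: the upgrade is an all-or-nothing step and the backup must be known good before it starts.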

Password Recovery For The Cisco IOS

Connect a PC running terminal emulation software to the console port of the Cisco router. The procedure below was done on a Cisco 2620 router running IOS 12.2. Keep in mind that anyone with physical access to the console port can do the same, so the port needs the same protection as the router’s credentials. Terminal settings:

9600 baud rate
No parity
8 data bits
1 stop bit
No flow control

Turn the router off, then back on. Within 60 seconds of the start, press the BREAK key (Alt + b in Tera Term) to drop the router into ROMMON. The prompt will show:

rommon 1>

Then type confreg 0x2142 so that the router boots from flash but ignores the startup configuration in NVRAM.

rommon 1>confreg 0x2142

Type reset at the prompt; the router reboots and ignores the saved configuration.

rommon 2>reset

Press Ctrl-c to skip the initial setup dialog. Type enable at the prompt.


The prompt changes to Router#. Now type either

Router#configure memory

or
Router#copy startup-config running-config

Either command loads the saved configuration from NVRAM into running memory without asking for any of the old passwords, which is the whole point of the procedure. To show the current configuration on the router use:

Router#show running-config

The output will include the enable password, the enable secret, and the vty and console passwords, each in encrypted or unencrypted form. Unencrypted ones can be read directly. Those stored as “password 7” are only obfuscated and can be reversed, while an enable secret (type 5) is a hash and has to be replaced. Change every one of them to a new value; to set a new enable secret:

Router#configure terminal
Router(config)#enable secret <new-password>
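
To make the difference between the password forms concrete, here is an added example (not part of the original page) that scans a constructed running-config excerpt of the kind the recovery reveals, classifies each password statement, and reverses the “password 7” values with Cisco’s fixed type 7 translation table. The sample configuration, the enable secret string and the function names are constructed for the example; the type 7 example value 0822455D0A16 is the commonly cited encoding of “cisco”.

```python
"""Added example (not from the original page): classify the password lines
that 'show running-config' reveals after the recovery above and decode the
type 7 ones, which are reversibly encoded rather than hashed."""

import re

# Cisco's fixed type 7 key. The first two digits of a type 7 string give the
# starting index into it; every following byte is XORed with the next key byte.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"

# Constructed running-config excerpt (the hash value is made up for the demo).
RUNNING_CONFIG = """\
hostname Router
enable secret 5 $1$abcd$5sXp2yqL0yEuYRjrBBkkG/
enable password 7 0822455D0A16
line con 0
 password cisco
 login
line vty 0 4
 password 7 0822455D0A16
 login
"""


def decode_type7(encoded):
    """Reverse a type 7 string such as 0822455D0A16 back to the clear text."""
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    return bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(body)).decode()


def find_passwords(config):
    """Return (line, kind, value) for each password statement, where kind is
    'plaintext', 'type7' (reversible; value is the decoded text) or
    'secret' (hashed; value is the hash, which has to be replaced)."""
    found = []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"(?:enable )?(password|secret)\s+(?:(\d+)\s+)?(\S+)$", line)
        if not m:
            continue
        which, ptype, value = m.groups()
        if which == "secret" or ptype == "5":
            kind = "secret"
        elif ptype == "7":
            kind = "type7"
            value = decode_type7(value)
        else:
            kind = "plaintext"            # no type, or type 0
        found.append((line, kind, value))
    return found


if __name__ == "__main__":
    for line, kind, value in find_passwords(RUNNING_CONFIG):
        print("%-45s %-9s %s" % (line, kind, value))
```

Run against a real configuration this shows at a glance which credentials were effectively readable by anyone who saw the file (plaintext and type 7) and which were protected by a hash; all of them still need to be changed after a recovery like this one.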

Interfaces come up administratively shut down after booting without a configuration, so issue the no shutdown command on every interface you use, for example:

Router(config)#interface serial 0/1
Router(config-if)#no shutdown
Router(config-if)#exit

Set the configuration register back to the normal value 0x2102, otherwise the router will keep ignoring its startup configuration on every reload.

Router(config)#config-register 0x2102

Press Ctrl-z to leave configuration mode.


Type write memory or copy running-config startup-config to commit all of the new changes and configurations, then reload the router.

Install The Windows Recovery Console

More than once I have had to do repairs on my Windows box, and the only tool I used was the Recovery Console. I suggest you Google Recovery Console to learn all the commands; here I will only show how to install the Recovery Console so that the next time the system starts it appears as an option in the boot menu.

Install the recovery console

  • Log into Windows as the local administrator
  • Insert the setup CD
  • Click Start > Run
  • Type the following, where D: is your CD drive: D:\i386\winnt32.exe /cmdcons
  • Follow the instructions on the screen

I hope this helps so that the next time you don’t have to look around for the CD to do the necessary repairs. Selecting the console at boot still prompts for the local Administrator password, so having it in the boot menu does not by itself open the machine to anyone at the keyboard.