Nytro

Hardening SSHD


Step 1: First of all we need to create a regular user, since we are disabling direct root login:

adduser admin && passwd admin

Step 2: Back up your current sshd_config

mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Step 3: Create a new sshd_config file

nano -w /etc/ssh/sshd_config

Step 3.1: Paste this code into the new file

## Changing to another port is recommended, e.g. 2488
Port 22

## Sets the listening address on the server. default=0.0.0.0 (all addresses)
#ListenAddress 192.168.0.1

## Enforce SSH protocol 2 only
Protocol 2

## Disable direct root login; with "no" you log in as the admin user, then "su -" to root
PermitRootLogin no

## Handle the pre-authentication part of the connection in an unprivileged child process
UsePrivilegeSeparation yes

## Disable TCP port forwarding through the SSH session
AllowTcpForwarding no

## Disable X11 forwarding
X11Forwarding no

## Check that the user's home directory and rhosts files aren't world-writable before accepting a login
StrictModes yes

## Ignore .rhosts and .shosts files in RhostsRSAAuthentication and HostbasedAuthentication
IgnoreRhosts yes

## Disable rhosts/hosts.equiv authentication combined with public key client host authentication
HostbasedAuthentication no

## RhostsRSAAuthentication specifies whether rhosts or /etc/hosts.equiv authentication together with successful RSA host authentication is allowed (protocol 1 only)
RhostsRSAAuthentication no

## Show a login banner to the user before authentication
Banner /etc/motd

## Enable / disable the sftp server
#Subsystem sftp /usr/libexec/openssh/sftp-server

## Only the listed users are allowed to log in
AllowUsers admin

Ctrl+X, then confirm to save

Step 4: Verify settings in the sshd_config you created

nano -w /etc/ssh/sshd_config

REMEMBER YOU SHOULD CHANGE THE PORT TO SOMETHING ELSE (example: Port 2488).

Step 5.1: Add text to MOTD Banner file (/etc/motd)

nano -w /etc/motd

Step 5.2: Add this text, or something else of your choice

Private system, please log off.

Step 6: Restart the SSHD Daemon

service sshd restart

Step 7: Start a NEW client and test that you can connect on the new port. (DO NOT CLOSE THE CURRENT SSH CLIENT, IN CASE OF PROBLEMS)
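As an added example (not code from the original post or from SecureCentos.com), a POSIX shell audit that reads an sshd_config and reports whether the directives set in the steps above are actually in effect, honouring the "last uncommented occurrence wins" rule sshd uses; the file-path argument and the sample file it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original post: audit an sshd_config file for the
# hardening directives the steps above set, before the daemon is restarted.
# Assumption: the config file path is passed as the first argument.

# Directive=expected-value pairs taken from the tutorial's sshd_config.
REQUIRED="Protocol=2 PermitRootLogin=no AllowTcpForwarding=no X11Forwarding=no
StrictModes=yes IgnoreRhosts=yes HostbasedAuthentication=no"

# Print the effective value of a directive: the last uncommented occurrence
# wins, and both directive name and value are compared case-insensitively.
sshd_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        NF >= 2 && tolower($1) == key { val = tolower($2) }
        END { print val }' "$1"
}

# Return 0 when every required directive matches, 1 when any is missing or wrong.
check_sshd_config() {
    file="$1"; rc=0
    for pair in $REQUIRED; do
        key="${pair%%=*}"; want="${pair#*=}"
        got="$(sshd_value "$file" "$key")"
        if [ "$got" != "$want" ]; then
            echo "FAIL: $key is '${got:-unset}', expected '$want'"; rc=1
        fi
    done
    # AllowUsers must restrict logins to named accounts.
    [ -n "$(sshd_value "$file" AllowUsers)" ] || { echo "FAIL: AllowUsers is not set"; rc=1; }
    # Port 22 (the default when unset) is only a warning: the post recommends moving it, e.g. to 2488.
    port="$(sshd_value "$file" Port)"
    [ "${port:-22}" = "22" ] && echo "WARN: Port is still 22"
    return $rc
}

# Usage: audit a constructed sample that mirrors the tutorial's file.
sample="${TMPDIR:-/tmp}/sshd_config.sample.$$"
printf '%s\n' 'Port 2488' 'Protocol 2' 'PermitRootLogin no' 'AllowTcpForwarding no' \
    'X11Forwarding no' 'StrictModes yes' 'IgnoreRhosts yes' \
    'HostbasedAuthentication no' 'AllowUsers admin' > "$sample"
check_sshd_config "$sample" && echo "OK: $sample passes the hardening checks"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config before Step 6, together with `sshd -t`, which checks the file's syntax without restarting the daemon.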

Source: Hardening SSHD | SecureCentos.com
