Comments on: Modify SSH Config To Maximize Security

By: Virtual server has been suspended by the administrator

Virtual server has been suspended by the administrator — Thu, 24 May 2012 13:07:37 +0000

[...] and used to scan or attack other servers. I would recommend to apply SSH security as described here Modify SSH Config To Maximize Security Reply With Quote + Reply to Thread « Previous Thread | Next [...]

By: Ray

Ray — Tue, 26 Apr 2011 05:13:46 +0000

Where is “AllowUsers” in sshd_config file?
If it doesn’t have that line, should I just add one like this?

AllowUsers admin
or
#AllowUsers admin

Which one is correct?

By: driveby

driveby — Mon, 05 Oct 2009 13:18:03 +0000

Something I’ve been in the habit of doing is generally have some system group that people who need a shell will be in, such as wheel and admin groups depending on distro. Then, in the sshd_config use the AllowGroups option to restrict access that way. It makes things sort of self-documenting on the system side, doesn’t require updating the sshd_config for account changes, etc.

By: SSH follow-up « Akee fruits

SSH follow-up « Akee fruits — Sat, 08 Dec 2007 00:13:00 +0000

[...] I found this article when I began my research, which seems like a good starting point. I keep googling around and tweaking when I have a few minutes and an Internet connection at hand. It’s really interesting, I might buy myself the O’Reilly book on SSH as a Christmas gift or something (…since the Canonical store refused my payment for what I ordered and doesn’t answer my emails about it). There’s a lot of stuff I want to try but first I’d like to understand them more. [...]

By: Tim Archer

Tim Archer — Mon, 09 Apr 2007 23:58:14 +0000

In your sshd_config file you may also want to limit the LoginGraceTime parameter. I have a small writeup at: http://timarcher.com/?q=node/46

By: Jimmy Nord » Blog Archive » Instructions on Maximizing SSH security

Fri, 02 Feb 2007 08:09:44 +0000

[...] http://www.foogazi.com/2006/11/29/modify-ssh-to-maximize-security/ [...]

By: Myglobalblog » Blog Archive » life is about modifying SSH

Myglobalblog » Blog Archive » life is about modifying SSH — Thu, 04 Jan 2007 02:56:43 +0000

[...] Url.Site.Linux.modifying SSH [...]

By: Krígl

Krígl — Tue, 12 Dec 2006 07:49:16 +0000

It should be mentioned that changing ssh port is useful only if you can afford it, i.e. if only you and several other trusted people use the machine, security through obscurity might be fine, but setting up strong password (or key along with disabling passwords) is still much more important.
Without it, security through obscurity will on the contrary become much more risky. One aggressive scan will tell attacker anyway and against botnets are abovementioned methods of disabling root login and reducing number of logging tries and permitted users much better.

Last but not least – any script kiddie worth it’s h4xx0r l33tness will try some obvious ports like 2200 or 22222 while your users, if logging remotely twice in a year, may easily forgot that 13654 port and end up scanning the machine for it.

Btw. I hope this system hides email, when it’s required, if it is so, it’s fine to mention it, so less people will submit some nonsense like I did.

By: Initial Slackware Configurations « foogazi.com - technical aspects for the masses

Fri, 01 Dec 2006 16:18:41 +0000

[...] Read my article on Modifying SSH to Maximize Security for details on modifications to make to your sshd_config file. [...]

By: adam k

adam k — Thu, 30 Nov 2006 18:19:06 +0000

@chort:

You’re right in the sense that it’s useless because it is set to “no” by default, but I still decided to include it because some people may be allowing empty passwords. Just wanted to let you know that I thought about the “uselessness” prior to posting.

Thank you for your input.

Great tip on setting the port higher than 1023, I should have mentioned that.