Harden your OpenSSH config: step-by-step instructions for making your SSH server harder to brute-force and exploit.
Tested on: CentOS 5 32-bit. I recommend you install Webmin before making changes here!
The reason? If sshd dies or the firewall ****s up, you can fix it through Webmin's command line and file editor.
Step 1: Backup your sshd config
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Step 2: Add a regular user, if you don't already have one
adduser admin
passwd admin
Step 3: Edit running sshd_config
!Remember to change the port in your firewall also!
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Find #Port 22, change it to a port of your choice:
Port 22
Find #ListenAddress 0.0.0.0, change to:
ListenAddress YOUR-IP-HERE
Find #Protocol 2, 1, change to:
Protocol 2
Find #PermitRootLogin yes, change to:
!Remember that when you set this to no, you will need another user to log in with before you can get root!
PermitRootLogin no
Find #MaxAuthTries 6, change it to:
MaxAuthTries 2
Add this line to allow logins only from the "admin" account, or whichever other regular user you have:
AllowUsers admin
Example Config :
Port 5988
Protocol 2
ListenAddress 1.2.3.4
PermitRootLogin no
Banner /etc/motd
Subsystem sftp /usr/libexec/sftp-server
AllowUsers admin
MaxAuthTries 2
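To confirm the edits from Step 3 actually took effect, here is an added example (not part of the original guide) that reads an sshd_config the way sshd does: commented lines are ignored, keywords are case-insensitive, and the first occurrence wins. The function names and the sample file are made up for illustration; the expected values are the ones this guide sets.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the settings from this guide.

# Print the effective global value of keyword $2 in file $1. sshd keywords
# are case-insensitive and the first uncommented occurrence wins; stop at
# the first Match block, since later lines apply only conditionally.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# expect FILE KEYWORD VALUE: report whether KEYWORD has exactly VALUE.
expect() {
    got=$(effective_value "$1" "$2")
    if [ "$got" = "$3" ]; then
        echo "ok    $2 $got"
    else
        echo "FAIL  $2 is '${got:-unset}', guide sets '$3'"
        return 1
    fi
}

# audit_sshd_config FILE [USER]: returns 0 only if every check passes.
audit_sshd_config() {
    rc=0
    expect "$1" Protocol 2 || rc=1
    expect "$1" PermitRootLogin no || rc=1
    expect "$1" MaxAuthTries 2 || rc=1
    expect "$1" AllowUsers "${2:-admin}" || rc=1
    [ -n "$(effective_value "$1" ListenAddress)" ] ||
        echo "note  ListenAddress unset, sshd listens on all addresses"
    return "$rc"
}

# Constructed sample: a half-edited config where one directive is still
# commented out and root login was never changed.
sample=$(mktemp)
printf '%s\n' 'Port 5988' 'protocol 2' '#MaxAuthTries 2' \
    'PermitRootLogin yes' 'AllowUsers admin' > "$sample"
audit_sshd_config "$sample" || echo "config does not match the guide yet"
```

Point audit_sshd_config at /etc/ssh/sshd_config after editing, and run sshd -t to syntax-check the file before restarting sshd so a typo does not lock you out.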