How to Secure OpenSSH (SSHD) on Linux

OpenSSH is a open source alternative to the proprietary Secure Shell software. It is also the SSH connectivity tools that allows you to remotely login, transfer remote file via scp or sftp. It was created as an open source alternative to the proprietary Secure Shell software. OpenSSH options are controlled through the /etc/ssh/sshd_config file. In order to improve OpenSSH server security, certain default sshd setting need to be change. This post will show you three example to Secure OpenSSH (SSHD) on Linux. This steps has been tested on CentOS 6.3 and may working on CentOS 6.2, CentOS 5.x and Redhat Enterprise Linux 5 (RHEL 5) and Redhat Enterprise Linux 6 (RHEL 6).

READ  How to Resolve Number of Virtual Devices Exceeds the Maximum for a Given Controller

1.Change SSH Default Port :

By default ssh runs on port 22. Hacker would need to know the SSH port number in order to access your system. One of the method to improve security is to change the default port to a non-standard port. That would helps to stop brute force attacks.

#Port 22

Uncomment and change to :

Port 2202

2. Disable Root Login (PermitRootLogin) :

Add the following entry to sshd_config to disable root to login to the server directly.

#PermitRootLogin yes

Uncomment and change to :

PermitRootLogin no

3. Listen Specific IP only :

By default ssh will listen on all of the above ip-addresses. If you want users to login only using ip-address and, do the following in your sshd_config :


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>