Secure Shell (SSH) Hardening

                                       


(1) Change the default SSH port from (22) to another port above (1024); the port must be free.
e.g:-
    
          Port 7824

(2) Change the PermitRootLogin setting to (no). The default is yes.
e.g:-    
          PermitRootLogin no

(3) Change PermitEmptyPasswords setting to (no).
e.g:-    
          PermitEmptyPasswords no

(4) Change Protocol setting to “2” if it is “1”. The default value is “2”.
e.g:-
    
          Protocol 2

(5) Change LoginGraceTime to a lower number. The default is 120 seconds.
e.g:-    
          LoginGraceTime 60

(6) Change or add the AddressFamily setting: “inet” (for IPv4 only), “inet6” (for IPv6 only) or “any” (for both IPv4 and IPv6).
e.g:-    
          AddressFamily inet

(7) Add ListenAddress to sshd_config if you want to run the SSH service on a particular address.
e.g:-
    
          ListenAddress xxx.xxx.xxx.xxx

(8) Change MaxAuthTries to 3 (or any value you want). It specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. The default is 6.
e.g:-
    
          MaxAuthTries 3

(9) Add Banner to the config file if you want to show a message to all users who connect to your server through SSH.
e.g:-    
          Banner /etc/issue.net

(10) Add or change AllowUsers, AllowGroups, DenyUsers and DenyGroups to build an access control list that allows or denies login.
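
To check a config against the settings above, here is an added example (not from the original post) that audits sshd_config text. It relies on sshd using the first value it reads for a keyword and on its time format (60, 2m, 1h30m). The function names, the sample config and the pass thresholds (MaxAuthTries of 3 or less, LoginGraceTime under 120 seconds) are assumptions taken from the post's example values.

```python
import re

# Used when a keyword is absent: defaults as the post states them (PermitEmptyPasswords: OpenSSH's).
DEFAULTS = {"permitrootlogin": "yes", "permitemptypasswords": "no",
            "protocol": "2", "logingracetime": "120", "maxauthtries": "6"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
ACL_KEYS = {"allowusers", "allowgroups", "denyusers", "denygroups"}

def parse_global(text):
    """Return {keyword: [values in file order]} for lines before any Match block."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break  # conditional blocks are not audited here
        seen.setdefault(parts[0].lower(), []).append(parts[1].strip().lower())
    return seen

def seconds(value):
    """Convert an sshd time value such as 60, 2m or 1h30m to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value))

def audit(text):
    """Return the post's keywords whose effective value fails its advice."""
    seen = parse_global(text)
    cfg = {**DEFAULTS, **{k: v[0] for k, v in seen.items()}}  # first value wins
    ports = [int(p) for p in seen.get("port", ["22"])]  # Port may repeat; all apply
    checks = {
        "Port": all(p > 1024 for p in ports),
        "PermitRootLogin": cfg["permitrootlogin"] == "no",
        "PermitEmptyPasswords": cfg["permitemptypasswords"] == "no",
        "Protocol": cfg["protocol"] == "2",
        "LoginGraceTime": 0 < seconds(cfg["logingracetime"]) < 120,  # 0 = no limit
        "MaxAuthTries": int(cfg["maxauthtries"]) <= 3,
        "AllowUsers/AllowGroups/DenyUsers/DenyGroups": bool(seen.keys() & ACL_KEYS),
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed sample: the second PermitRootLogin line has no effect, and 2m is not below 120 s.
SAMPLE = """\
Port 7824
PermitRootLogin yes
PermitRootLogin no
LoginGraceTime 2m
MaxAuthTries 3
AllowUsers alice
"""
```

Calling audit(SAMPLE) reports PermitRootLogin and LoginGraceTime: the later "PermitRootLogin no" is ignored, and 2m equals the 120-second default rather than lowering it.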

2 responses to this post.

  1. You are a very smart person!


  2. A SUPPORTED BY THE DEVELOPER TOOLS? It was interesting. You seem very knowledgeable in your field.