Posts Tagged ‘SSH’

Secure SHELL (SSH) Hardening

                                       


(1) Change the default Port of ssh from (22) to other which is above (1024) and   the port must be free.
e.g:-
    
          Port 7824

(2) Change the PermitRootLogin setting to (no) . The default is yes.
e.g:-    
          PermitRootLogin no

(3) Change PermitEmptyPasswords setting to (no).
e.g:-    
          PermitEmptyPasswords no

(4) Change Protocol setting to “2” if it is “1”. The default value is “2”.
e.g:-
    
          Protocol 2

(5) Change LoginGraceTime to lower number. The default is 120  (second).
e.g:-    
          LoginGraceTime 60

(6) Change OR Add the AddressFamily setting to “inet” (for IPv4 only) ,”inet6″ (for IPv6 only) and “any” (for both IPv4 and IPv6).
e.g:-    
          AddressFamily inet

(7) Add ListenAddress to sshd_config if you want to run the SSH  services on particular address.
e.g:-
    
          ListenAddress xxx
.xxx.xxx.xxx

(8) Change MaxAuthTries to 3 ( any one you want ). It specifies the maximum  number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. The default is 6.
e.g:-
    
          MaxAuthTries 3

(9) Add Banner to config file if you want to give some Message to all user who connect to your server through ssh.
e.g:-    
          Banner /etc/issue.net

(10) Add or Change the AllowUsers , AllowGroups , DenyUsers and DenyGroups to make an access control list to allow or deny Login.

Advertisements