 
        	    Lead Image © Fotoflash,Fotolia.com
The top three SSH tricks
Security Skills
Secure Shell (SSH) is more than a simple remote connectivity protocol. The SSH utility is one of the most versatile tools in your administrative toolbox. You can use SSH to copy files securely, and you can even build it into automation scripts.
Trick 1: Configuring a More Secure SSH
Although SSH is secure in a default installation, you can make some tweaks to provide an even more secure environment. The parameters to change are located in /etc/ssh/sshd_config. The first security change is to deny root user logins by finding the line
PermitRootLogin Yes
and changing the Yes to No.
If you have a limited number of users (fewer than 10), you can use the AllowUsers entry to limit which users can use SSH to connect to the server. Remember to include yourself on the user list, which is space delimited:
AllowUsers bob admin fred joe
If you have more than 10 users or if you choose to manage by groups, create an sshusers or similar group and add users as needed:
$ sudo groupadd --r sshusers $ sudo usermod --a --G sshusers bob
In sshd_config, use the AllowGroups directive with your group name,
AllowGroups sshusers
and restart the SSH daemon:
$ sudo service ssh restart
For systemd servers, use either of the following commands:
$ sudo systemctl restart sshd $ sudo systemctl restart ssh
A final change to enhance SSH security on your network is to allow SSH sessions to originate only from a single server, often known as a "jump" server. This change is outside of the SSHD configuration and only involves limiting the allowed IP address through iptables by entering the command
$ sudo iptables -A INPUT -p tcp -s [IP...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
 
            
		





 
         
         
        