Skip to content

Securing SSH

November 28, 2007

Ini adalah hasil kompilasiku (sementara) dari sana-sini mengenai securing SSH. Untung ada Google di dunia ini.

1. Change the default port for ssh. Default-nya adalah port 22.

2. Disallowing login by the root user.

3. Use AllowUsers setting to limit connections just to some users.

4. Set sshd_config to accept only SSH version 2 protocol.

5. Use third party tools such as fail2ban package to help againts ssh-scanning attack.

6. Use public-key authentication instead of password-based login.

7. Filter by source IP from trusted networks only.

8. Require multi-hop ot VPN connections.

9. Use OTP (one time password) method.

10. Use port knocking method.

From → IT

Comments are closed.

%d bloggers like this: