Monday, December 26, 2011

Securing SSH

If you have a machine exposed to the Internet via SSH, you should secure it.
Here is a quick recipe for doing so:

Modify your SSH server configuration /etc/ssh/sshd_config:
  • change the default port
  • do not allow root login
  • do not allow password login

# example value; choose any unused port between 1 and 65535
Port 22123
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no

Before you disable password authentication, make sure you have copied your public key to the server. This can be done with the ssh-copy-id command.

# ssh-copy-id myuser@server

In addition, install denyhosts to block brute-force SSH login attempts.
Denyhosts will continuously update your hosts.deny file with bad IPs / hosts.
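
To check an edited sshd_config against the settings in the recipe above, the following is an added example (not part of the original post). It assumes that only the global section, before the first Match block, should be audited and that every setting must be set explicitly; the names `parse_global`, `audit` and `SAMPLE` are hypothetical.

```python
import re

# Keywords the recipe above sets to "no" (sshd keywords are case-insensitive).
REQUIRED = ("permitrootlogin", "passwordauthentication",
            "challengeresponseauthentication", "permitemptypasswords")

def parse_global(text):
    """Return {keyword: [values]} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # everything after Match is conditional; stop here
            break
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        settings.setdefault(key, []).append(value)
    return settings

def audit(text):
    """Return a list of findings; an empty list means the recipe is met."""
    cfg, findings = parse_global(text), []
    ports = cfg.get("port", [])
    if not ports:
        findings.append("Port not set: sshd listens on the default port 22")
    for p in ports:
        if not p.isdecimal() or not 1 <= int(p) <= 65535:
            findings.append(f"Port {p}: not a valid TCP port (1-65535)")
        elif int(p) == 22:
            findings.append("Port 22: default port still in use")
    for key in REQUIRED:
        got = cfg.get(key)
        if got is None:
            findings.append(f"{key}: not set explicitly")
        elif got[0].lower() != "no":  # sshd uses the first value it reads
            findings.append(f"{key}: is '{got[0]}', expected 'no'")
    return findings

# Constructed sample: out-of-range port, a duplicate keyword whose first
# value is "yes", one missing keyword, and a Match block that is skipped.
SAMPLE = ("Port 70000\nPermitRootLogin no\n"
          "PasswordAuthentication yes\npasswordauthentication no\n"
          "PermitEmptyPasswords no\n"
          "Match User backup\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "OK")
```

Running `sshd -t` on the server checks the file's syntax, but not whether the values match this recipe.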
