SSH learning 4 OpenSSH Security

Source: Internet
Author: User
Tags ssh port

OpenSSH is an encrypted communication software for Linux/Unix. It is also an essential software for remote control of Linux/Unix servers. For Linux and Unix distributions of different versions, the configuration file locations of OpenSSH are different. For example, the OpenSSH configuration file in Ubuntu is in/etc/ssh/sshd_config.

OpenSSH Security Options: Port 22 // The Port opened by OpenSSH: LoginGraceTime 120 // The number of seconds after the client successfully connects to the server and does not log on to the server, it is forced to close the connection to PermitRootLogin yes // whether to allow the Root user to log on, yes indicates yes, and no indicates no. For security reasons, we recommend that you change it to no to prevent brute-force cracking of AllowUsers webgod. // users allowed to log on, allowGroups webgod does not exist by default. The user group that allows logon is not allowed. DenyUsers webgod does not exist by default. DenyGroups webgod does not exist by default.

To ensure security, you can change the default port 22 to another idle port number (such as 435) to prevent scanning. At the same time, you also need to define the ssh port in the/etc/services file:

Ssh 22/tcp

Ssh 22/udp

In addition, you can use AllowUsers, AllowGroups, DenyGroups, and DenyUsers to configure parameters or their combinations to limit the access permissions of users or user groups. For example, to limit that only webgod users can access the system, you can add the following configuration parameters in the/etc/ssh/sshd_config configuration file.

AllowUsers webgod

After sshd is restarted, except for webgod users, the system will reject logon requests from other users and output Access Denied error messages.

After modifying the OpenSSH configuration file, you need to restart the sshd daemon to make the new settings take effect.

$ Sudo/etc/init. d/ssh restart


Appendix: SSH-related configuration files:

OpenSSH configuration files and main files are stored in the/etc/ssh/directory, which includes the following files:

/Etc/ssh/sshd_config: setting file of the sshd server

/Etc/ssh/ssh_config: setting file of the ssh client

/Etc/ssh/ssh_host_key: RSA private key for SSH1

/Etc/ssh/ssh_host_key.pub: RSA public key for SSH1

/Etc/ssh/ssh_host_rsa_key: RSA private key used by SSH2

/Etc/ssh/ssh_host_rsa_key.pub: RSA public key used for SSH2

/Etc/ssh/ssh_host_dsa_key: Specifies the DSA private key for SSH2.

/Etc/ssh/ssh_host_dsa_key.pub: DSA public key used for SSH2

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.