SSH security thinking and configuration, SSH security thinking Configuration

Source: Internet
Author: User

SSH security thinking and configuration, SSH security thinking Configuration
I have previously written an article on Oracle RAC equivalence configuration at http://blog.csdn.net/jacson_#/article/details/42673;
This is just the tip of the iceberg used by ssh, password-free login;
1. How do I decide whether to log on with a password or a key?
Oracle DBA often uses a password to log on to the same LAN as Oracle;
When managing thousands of Linux Hosts in a cluster, I usually select a key to log on to and use one key to log on to any host.
2. Who is more secure to log on with the key and password?
For external attacks, the key security is undoubtedly much higher than the password;
For actual operations, the loss caused by operator errors is much greater than that caused by attacks.
3. How to Make password login more secure?
(1). Change the default SSH port;
(2). Disable direct root login. {Add a common user and use the root permission before switching}
(3). Only users and IP addresses are allowed to log on to the host.
Method 1:

<Pre name = "code" class = "SQL"> in/etc/hosts. allow adds sshd: 10.10.10.88: allow (here 10.10.10.88 is the ip address you want to allow access to ssh, or a network segment 10.10.10.88/24) in/etc/hosts. added sshd: ALL to deny (it indicates that ALL ip addresses except the ones allowed above refuse to log on to ssh)
 

Method 2: Modify the sshd_config Parameter

The format is as follows:

Allowusers root@10.10.10.88 root@10.10.10.89 oracle@10.10.10.89

Note: 1. Multiple hosts or users are separated by spaces.

2. In this case, non-10.10.10.88 connections can also be established, and you cannot log on with the correct password.

(4) use the system-layer protection software fail2ban and iptables

Not complete ......

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.