How to secure your system from hacking over SSH

Post by Saman » Tue Jan 25, 2011 4:09 pm

One of the biggest security holes you could open on your server is to allow directly logging in as root through SSH, because any cracker can attempt to brute force your root password and potentially get access to your system if they can figure out your password.

It’s much better to have a separate account that you regularly use and simply sudo to root when necessary. Before we begin, you should make sure that you have a regular user account and that you can su or sudo to root from it.

To fix this problem, we’ll need to edit the sshd_config file, which is the main configuration file for the sshd service. The location will sometimes be different, but it’s usually in /etc/ssh/. Open the file up while logged on as root.

Code:

vi /etc/ssh/sshd_config

Find this section in the file, containing the line with “PermitRootLogin” in it.

Code:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

Make the line look like this to disable logging in through ssh as root.

Code:

PermitRootLogin no

Now you’ll need to restart the sshd service:

Code:

/etc/init.d/sshd restart

Now nobody can brute force your root login, at least.
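
Added example (not part of Saman's post): a shell check that the edit described above actually took effect, since the `#PermitRootLogin no` line shown in the post is a comment and sets nothing. The function names and the sample file are constructed for illustration; the check reads a single file and assumes keyword and value are separated by whitespace.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes keyword and value are separated
# by whitespace; files pulled in with Include are not followed.

# Print the global PermitRootLogin value, or "unset" if no active line sets it.
# Lines starting with '#' are comments, keywords are case-insensitive, and
# sshd keeps the first value it obtains for a keyword.
global_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }              # strip leading whitespace
        /^#/ || /^$/ { next }               # comments and blank lines set nothing
        tolower($1) == "match" { exit }     # lines after Match are conditional
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print each PermitRootLogin line inside a Match block whose value is not "no".
match_overrides() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == "permitrootlogin" && $2 != "no" { print NR ": " $0 }
    ' "$1"
}

# Return 0 only when root login is explicitly disabled everywhere in the file.
audit_root_login() {
    value=$(global_root_login "$1")
    overrides=$(match_overrides "$1")
    if [ "$value" = "no" ] && [ -z "$overrides" ]; then
        echo "OK: PermitRootLogin no is active"
        return 0
    fi
    echo "FAIL: global PermitRootLogin is '$value'"
    [ -z "$overrides" ] || echo "Match block override: $overrides"
    return 1
}

# Constructed sample: the commented lines from the post, nothing uncommented yet.
sample=$(mktemp)
printf '%s\n' '#LoginGraceTime 2m' '#PermitRootLogin no' '#StrictModes yes' > "$sample"
audit_root_login "$sample" || true    # FAIL: the '#' line does not set anything
rm -f "$sample"
```

Running `sshd -t` before the restart checks the edited file for syntax errors, which matters when the SSH session is the only way into the machine.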

Post by Ageek » Sun Jun 19, 2011 6:01 pm

If it is a real security problem then you can change the default port (22) to your own port number. But when you log in via SSH you then need to specify the port number. For example (let's say the new port is 2011):

Code:

ssh -p 2011 user@hostname   # hostname or IP address

Further,
You can install DenyHosts on your system; then you are protected from a dictionary attack or brute-force attack over SSH. DenyHosts limits the number of attempts to enter the password.

Even if you are a legal user, if you mistype your password 3 times, your client IP gets blacklisted.

(Note: you can remove it later, but it is a tricky operation. For further info you can ask for help by posting a message here, then I can help you.)

Post by Neo » Sun Jun 19, 2011 7:59 pm

Ohh... It seems one of our knowledge resources is going to be active. Welcome back VVIP Uditha Madusanka :)