Securing SSH Connection
If we think the default SSH server configuration is secure enough, it may be just a matter of time before a stranger connects to our server, because the default configuration does not give full protection.
There are several ways to secure our SSH connection. We can use all of them or pick just one; either is better than trusting the default SSH configuration.
1. By default the SSH server listens on port 22. Use another port, such as 222 or 333. Change the default Port line in sshd_config.
jafar@tebetreply:~$ sudo vi /etc/ssh/sshd_config
# What ports, IPs and protocols we listen for
Port 22
2. Don't allow root login. Edit sshd_config again and set PermitRootLogin to 'no', or you can block it.
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
3. We can also use public key authentication to connect to our SSH server. Make sure sshd_config allows public key authentication.
RSAAuthentication yes
PubkeyAuthentication yes
Then generate the key pair on the client.
In Ubuntu:
k4tz@k4tz-desktop:~$ sudo ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
3f:ab:02:93:2b:e2:5f:1e:ab:78:e8:19:c3:62:6d:36
Copy your public key (id_rsa.pub) to your ~/.ssh2 directory on SSH Server.
k4tz@k4tz-desktop:~$ scp ~/.ssh/id_rsa.pub [email protected]:~/.ssh/
Create an authorization file in your ~/.ssh2 directory on SSH Server.
jafar@tebetreply:~$ chmod 700 ~/.ssh
jafar@tebetreply:~$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
jafar@tebetreply:~$ chmod 600 ~/.ssh/authorized_keys
jafar@tebetreply:~$ rm ~/.ssh/id_rsa.pub
Reload the SSH service on both client and server (don't forget to reload the SSH service every time you change sshd_config):
k4tz@k4tz-desktop:~$ sudo /etc/init.d/ssh reload
Now we should be able to log in to the SSH server using public key authentication.
*Note: For a Windows client, we can generate the key pair in a Cygwin environment or create it with PuTTYgen.
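As an added example (not part of the original post), the shell script below checks an sshd_config file for the three settings discussed above: the default port, root login and public key authentication. The function names and the two sample files are constructed for illustration, and the parser assumes simple whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings discussed above.
# Assumes simple whitespace-separated "Keyword value" lines.

# global_values FILE KEYWORD: print every value set for KEYWORD, lowercased,
# in file order. Keywords are case-insensitive. Parsing stops at the first
# Match block because settings below it apply only conditionally.
global_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }   # comments and blank lines
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# audit_sshd_config FILE: print one line per finding, nothing when clean.
audit_sshd_config() {
    # Port may be repeated and sshd listens on every one; unset means 22.
    ports=$(global_values "$1" Port)
    if printf '%s\n' "${ports:-22}" | grep -qx 22; then
        echo "Port: sshd listens on the default port 22"
    fi
    # For the other keywords sshd uses the first value it reads.
    root=$(global_values "$1" PermitRootLogin | head -n 1)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin: '${root:-unset}' (the article asks for 'no')"
    fi
    pubkey=$(global_values "$1" PubkeyAuthentication | head -n 1)
    if [ "$pubkey" = "no" ]; then
        echo "PubkeyAuthentication: disabled, key login will not work"
    fi
}

# Constructed sample files (not taken from a real server).
weak=$(mktemp); hardened=$(mktemp)
trap 'rm -f "$weak" "$hardened"' EXIT
printf '%s\n' '# What ports, IPs and protocols we listen for' 'Port 22' \
    'LoginGraceTime 120' 'PermitRootLogin yes' 'StrictModes yes' \
    'PubkeyAuthentication yes' > "$weak"
# The Match block is a conditional override and is outside this global check.
printf '%s\n' 'Port 222' 'permitrootlogin no' 'PubkeyAuthentication yes' \
    'Match Address 192.0.2.10' '    PermitRootLogin yes' > "$hardened"

echo "weak sample:";     audit_sshd_config "$weak"
echo "hardened sample:"; audit_sshd_config "$hardened"
```

On a live server, `sudo sshd -T` prints the configuration sshd actually applies, which is the authoritative check after editing the file.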
- roemasa's blog