Securing SSH Connection


If we assume the SSH server's default configuration is secure enough, it may be just a matter of time before some stranger connects to our server, because the default configuration can't give you full protection.

There are several ways to secure our SSH connection. We can use all of them, or just pick one; either is better than trusting the SSH default configuration.

1. By default the SSH server listens on port 22. Use another port, such as port 222 or port 333. Change the default port (the Port line shown below) in sshd_config.

jafar@tebetreply:~$ sudo vi /etc/ssh/sshd_config

# What ports, IPs and protocols we listen for
Port 22

2. Don't allow root login. Edit sshd_config again and set 'no' for PermitRootLogin (shown below with its current value 'yes'), or you can block it.

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

3. We can also use public key authentication to connect to our SSH server. Make sure the configuration in sshd_config allows public key authentication.

RSAAuthentication yes
PubkeyAuthentication yes

Then generate a key pair on the client.

In Ubuntu:

k4tz@k4tz-desktop:~$ sudo ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
3f:ab:02:93:2b:e2:5f:1e:ab:78:e8:19:c3:62:6d:36

Copy your public key (id_rsa.pub) to your ~/.ssh directory on the SSH server.

k4tz@k4tz-desktop:~$ scp ~/.ssh/id_rsa.pub [email protected]:~/.ssh/

Create an authorization file (authorized_keys) in your ~/.ssh directory on the SSH server.

jafar@tebetreply:~$ chmod 700 ~/.ssh
jafar@tebetreply:~$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
jafar@tebetreply:~$ chmod 600 ~/.ssh/authorized_keys
jafar@tebetreply:~$ rm ~/.ssh/id_rsa.pub

Reload the SSH service on both client and server (don't forget to reload your SSH service every time you make a change in sshd_config):

k4tz@k4tz-desktop:~$ sudo /etc/init.d/ssh reload

Now we should be able to log in to the SSH server using public key authentication.


*Note: For a Windows client, we can generate the key pair in a Cygwin environment or create it using PuTTYgen.
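To confirm that the edits from steps 1 to 3 actually took effect, the script below audits an sshd_config for the three settings. It is an added example, not part of the original article: the function names `sshd_value` and `audit_sshd_config` are hypothetical, the sample files are constructed, and it assumes keyword and value are separated by whitespace.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings discussed above.

# Print the first global value of KEYWORD, or DEFAULT if it is not set.
# Keywords are case-insensitive, the first occurrence wins, and parsing
# stops at the first Match block because those settings are conditional.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                     # skip comment lines
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Print one FINDING line per weak setting; print nothing for a clean file.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    # Port may be repeated, so collect every occurrence (the default is 22).
    ports=$(awk '/^[ \t]*#/ { next } tolower($1) == "match" { exit }
                 tolower($1) == "port" { printf "%s ", $2 }' "$1")
    case " ${ports:-22 }" in
        *" 22 "*) echo "FINDING: sshd listens on the default port 22" ;;
    esac
    root=$(sshd_value "$1" PermitRootLogin unset)
    [ "$root" = "no" ] || echo "FINDING: PermitRootLogin is '$root', expected 'no'"
    pubkey=$(sshd_value "$1" PubkeyAuthentication yes)
    [ "$pubkey" = "yes" ] || echo "FINDING: PubkeyAuthentication is '$pubkey'"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
# Constructed sample: the values shown in the article before editing.
cat > "$tmp/before" <<'EOF'
# What ports, IPs and protocols we listen for
Port 22
PermitRootLogin yes
PubkeyAuthentication yes
EOF
# Constructed sample: "no" appended at the end while the old line remains.
cat > "$tmp/appended" <<'EOF'
Port 222
PermitRootLogin yes
PermitRootLogin no
EOF
# Constructed sample: after steps 1-3 (keyword written in lower case).
cat > "$tmp/after" <<'EOF'
Port 222
permitrootlogin no
PubkeyAuthentication yes
EOF
for f in before appended after; do echo "== $f =="; audit_sshd_config "$tmp/$f"; done
```

On a live server, `sudo sshd -T` prints the effective configuration as sshd itself computes it, and `sudo sshd -t` validates the file before the service is reloaded.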