Protect SSH Access With hosts files and a proper sshd_config

Related Reading:

  1. Linux to Linux Key Based SSH
  2. Preventing Brute Force Attacks With Fail2ban

To cover a few more loose ends on access to the ssh service running on your machine, I would suggest editing your hosts files to properly reject connections. In this tutorial we’re going to cover locking down ssh without installing any extra applications.

hosts.allow

The hosts.allow file is checked before hosts.deny: if a rule in hosts.allow matches the connection, access is granted and hosts.deny is never consulted, so make sure the rules don’t conflict.

  1. su (type root password)
  2. cd /etc/
  3. vi hosts.allow (you can substitute vi with any text editor of your choice, e.g. kate, gedit, mousepad, nano). Use sudo for this command if you are using Debian or Ubuntu.

Allow rules belong in the allow file, like:

sshd: xxx.xxx.xxx.xxx

So enter the above line into your hosts.allow file. The xxx.xxx.xxx.xxx address should be the IP (or IPs) you connect from that should be allowed.

hosts.deny

  1. vi hosts.deny
  2. place this line in your hosts.deny file: sshd: ALL EXCEPT xxx.xxx.xxx.xxx
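To see how the two files interact, here is a small model of the TCP wrappers lookup order (hosts.allow first, then hosts.deny, then default allow). This is an added example, not code from the tutorial or from libwrap itself; it covers only the subset of the access-control language used above (a daemon name, ALL, EXCEPT, exact addresses and dotted prefixes such as "10.0.0."), and the sample file contents and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration.

```python
"""Minimal model of how TCP wrappers consult hosts.allow and hosts.deny.

Added example, not part of the original tutorial. It models only the subset
of the access-control language the tutorial uses: a daemon name, the ALL
wildcard, EXCEPT, exact addresses, and dotted prefixes such as "10.0.0.".
"""
from typing import Tuple


def _host_matches(pattern: str, client_ip: str) -> bool:
    """Match one host pattern against one client address."""
    pattern = pattern.strip()
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # prefix form, e.g. "192.168.1." matches 192.168.1.*
        return client_ip.startswith(pattern)
    return pattern == client_ip


def _list_matches(spec: str, client_ip: str) -> bool:
    """Evaluate a client list such as 'ALL EXCEPT 203.0.113.5, 203.0.113.6'."""
    spec = spec.replace(",", " ")
    head, _, exceptions = spec.partition(" EXCEPT ")
    matched = any(_host_matches(p, client_ip) for p in head.split())
    if matched and exceptions:
        # EXCEPT removes the listed hosts from the set matched by the head.
        matched = not any(_host_matches(p, client_ip) for p in exceptions.split())
    return matched


def _file_matches(text: str, daemon: str, client_ip: str) -> bool:
    """True if any 'daemon_list : client_list' line in the file matches."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, _, clients = line.partition(":")
        daemon_names = [d.strip() for d in daemons.replace(",", " ").split()]
        if "ALL" in daemon_names or daemon in daemon_names:
            if _list_matches(clients.strip(), client_ip):
                return True
    return False


def decide(hosts_allow: str, hosts_deny: str, daemon: str, client_ip: str) -> Tuple[bool, str]:
    """Apply the libwrap lookup order and say which file made the decision."""
    if _file_matches(hosts_allow, daemon, client_ip):
        return True, "hosts.allow"      # allow wins; hosts.deny is never read
    if _file_matches(hosts_deny, daemon, client_ip):
        return False, "hosts.deny"
    return True, "default"              # no rule matched: access is granted


def is_allowed(hosts_allow: str, hosts_deny: str, daemon: str, client_ip: str) -> bool:
    return decide(hosts_allow, hosts_deny, daemon, client_ip)[0]


# Constructed sample files mirroring the tutorial, with 203.0.113.10 as the admin host.
ADMIN_IP = "203.0.113.10"
HOSTS_ALLOW = "sshd: 203.0.113.10\n"
HOSTS_DENY = "sshd: ALL EXCEPT 203.0.113.10\n"

if __name__ == "__main__":
    for ip in (ADMIN_IP, "198.51.100.7"):
        print(ip, decide(HOSTS_ALLOW, HOSTS_DENY, "sshd", ip))
    # Conflicting rules: hosts.allow is consulted first, so this connection is accepted.
    print("conflict:", decide("sshd: ALL\n", "sshd: ALL\n", "sshd", "198.51.100.7"))
```

The conflict case at the end is the one the note above warns about: an `ALL` entry for sshd in hosts.allow makes the matching hosts.deny line dead, because the lookup stops at the first file that matches.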

Now on to /etc/ssh/sshd_config

  1. vi sshd_config
  2. Make sure the following lines are uncommented and have the appropriate values
    • RSAAuthentication yes
    • Protocol 2 (make sure it does not specify a “1”)
    • PasswordAuthentication no (do this ONLY if you have set up keys shown here Linux to Linux Key Based SSH)
    • AllowUsers user_name1 username2 (specify which user names are allowed to access the system; names are separated by spaces, not commas)
    • PermitRootLogin no
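A quick way to check that the settings above actually took effect is to audit the file rather than eyeball it. The following is an added example, not part of the tutorial and not a tool that ships with OpenSSH; it parses an sshd_config the way sshd reads it (the first occurrence of a keyword wins, later duplicates are ignored, and keywords after a `Match` line are conditional) and reports any of the listed settings that are missing or weak. It checks `PubkeyAuthentication` instead of `RSAAuthentication`, because the latter only governed protocol 1 and is no longer recognised by current OpenSSH. The two sample configs are constructed for illustration.

```python
"""Audit an sshd_config against the settings the tutorial asks for.

Added example, not part of the original tutorial. sshd applies the FIRST
occurrence of each keyword and ignores later ones, so the audit records the
first value it sees. Settings inside a 'Match' block are conditional, so the
global scan stops there.
"""
import re
from typing import Dict, List

_LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")  # 'Key value' or 'Key=value'


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return the effective global settings, keyword lowercased, value as written."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        key, value = (m.group(1), m.group(2).strip()) if m else (line, "")
        key = key.lower()
        if key == "match":
            break  # everything below applies only to matching connections
        settings.setdefault(key, value)  # first occurrence wins, like sshd
    return settings


def audit_sshd_config(text: str) -> List[str]:
    """Return findings; an empty list means the tutorial's settings are in place."""
    cfg = parse_sshd_config(text)
    findings: List[str] = []

    protocols = [p.strip() for p in cfg.get("protocol", "2").split(",")]
    if "1" in protocols:
        findings.append("Protocol: version 1 is enabled")

    if cfg.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin: should be 'no' (found %r)" % cfg.get("permitrootlogin"))

    if cfg.get("passwordauthentication", "").lower() != "no":
        findings.append("PasswordAuthentication: should be 'no' once key-based login works")

    if cfg.get("pubkeyauthentication", "yes").lower() == "no":
        findings.append("PubkeyAuthentication: disabled, key-based login will not work")

    users = cfg.get("allowusers", "")
    if not users:
        findings.append("AllowUsers: not set, every local account may try to log in")
    elif "," in users:
        findings.append("AllowUsers: names are separated by spaces; a comma becomes part of the name")
    return findings


# Constructed sample configs, not taken from any real host.
WEAK_CONFIG = """\
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
# the duplicate below is ignored by sshd because the first value wins
PermitRootLogin no
"""

HARDENED_CONFIG = """\
Protocol 2
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers alice bob
PermitRootLogin no
Match User alice
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(text) or ["ok"])
```

Run it against `/etc/ssh/sshd_config` by reading the file into `audit_sshd_config`; the duplicate `PermitRootLogin` line in the weak sample is the usual trap, since an edit appended at the bottom of the file does nothing if the keyword already appears higher up.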

Now restart sshd

/etc/init.d/sshd restart

In Ubuntu: sudo /etc/init.d/ssh restart
