Thursday, February 23, 2012

SSH security hardening

The SSH server configuration file, where the hardening settings below are made, is /etc/ssh/sshd_config.
A few entries deserve particular attention. Go through each one and understand what it does, then add, remove or modify the values according to your organization's requirements.

1. Link a banner file.
Banner /etc/issue
Note: the issue file contains the banner text. It can be /etc/ssh-banner or a similar file.

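2. Set the maximum number of authentication retries
MaxAuthTries 3
Note: MaxAuthTriesLog, found in Solaris SunSSH, is a different keyword: it sets the number of failures after which they are logged, not the retry limit.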

3. Are logins to accounts with empty passwords allowed?
PermitEmptyPasswords no

4. Are root logins permitted through sshd?
PermitRootLogin no
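
To check an existing file against the four settings above, this added example (not part of the original post) reads an sshd_config text the way sshd does: keywords are case-insensitive, the first value for a keyword wins, and anything after a Match line is conditional. The function names, the "at most 3" threshold and the sample file are assumptions; Include files are not followed.

```python
import re

# Predicates for the four settings in the post; keys are lower-cased keywords.
# Assumption: any banner file is acceptable and MaxAuthTries must be at most 3.
CHECKS = {
    "banner": lambda v: bool(v) and v.lower() != "none",
    "maxauthtries": lambda v: v.isdigit() and int(v) <= 3,
    "permitemptypasswords": lambda v: v.lower() == "no",
    "permitrootlogin": lambda v: v.lower() == "no",
}

def global_settings(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            break  # lines after Match are conditional, not global
        seen.setdefault(key, value)  # sshd keeps the first value it obtains
    return seen

def audit(text):
    """Return (keyword, finding) pairs for settings that deviate, in CHECKS order."""
    seen = global_settings(text)
    findings = []
    for key, ok in CHECKS.items():
        if key not in seen:
            findings.append((key, "not set explicitly"))
        elif not ok(seen[key]):
            findings.append((key, "set to %r" % seen[key]))
    return findings

# Constructed sample file, not taken from a real host.
SAMPLE = """\
Banner /etc/issue
maxauthtries 6
PermitRootLogin=no
PermitRootLogin yes
Match User backup
    PermitEmptyPasswords no
"""

if __name__ == "__main__":
    for keyword, finding in audit(SAMPLE):
        print(keyword, finding)
```

On a live host, `sshd -T` prints the effective configuration, including built-in defaults, and is the authoritative check after editing the file.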
