Posts

Showing posts from December, 2011

Top 20 OpenSSH Server Best Security Practices

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is well suited to preserving the confidentiality and integrity of data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about an OpenSSH zero-day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

Default Config Files and SSH Port

/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - User's SSH configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user's account.
/etc/nologin - If this file exists, sshd refuses to let anyone except root log in.
/etc/hosts.allow and /etc/hosts.deny : Access co