Oct 09 2007

If you’re going to run an ssh server

Category: Linux,Techerm @ 11:36 am

Before you think about running an ssh server, you should also do the following.

Security is important, and keeping the bad people out, and letting the good people in is what it’s all about.

Ssh is a great program, it allows you to log in to your computer anywhere in the world secure, and encrypted.

Let’s start with installing, if you’re running x/k/ed/ubuntu

sudo apt-get install openssh-client openssh-serversudo apt-get install openssh-client openssh-server

Next edit /etc/sshd_config
Find this line, and make sure it says no.
PermitRootLogin no

The reason you don’t want to allow root to log in remotely is it’s a common username if anyone does a brute force/dictionary attack on your server they will probably use the username root.

The good news is you can easily log in as root if you’re logged in via ssh.

user@localhost $ ssh user@remote-host-or-ip
user@remote-host-or-ip $ su

Or next step is to block all the bad guys from even being able to access your site.
Denyhosts is the way to go.

The cool thing about denyhosts is if someone is running a brute force attack on your ssh server, and they get the password wrong X amount of times it blocks that ip from accessing your ssh server, or if you prefer everything.

Another REALLY cool thing about denyhosts is the database. You can set up denyhosts to connect to a remote database, and get all the attacking ip addresses out there, so they don’t even have to attempt to connect to your machine, and you can block any potential threats.

The bottom line is if you are running an ssh server that is accessible from the net, then you should be running denyhosts.

That’s all I really have to say on the subject.


Leave a Reply

You must be logged in to post a comment. Login now.