Friday, September 2, 2011

OpenSSH Security Tips

OpenSSH is tool used for connecting and managing remote linux machines. And this should be secured. I am here by telling some security tips to make the SSH server perfect.

1.The following iptable rule will drop incoming connections which make more than 5 connection attempts upon port 22 within 60 seconds

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP

2.Disable Empty Passwords

Open the file /etc/sshd/sshd_config and

PermitEmptyPasswords no

3.TCPWrappers

open --> vi /etc/hosts.deny
sshd:ALL

then

open --> vi /etc/hosts.allo

sshd:192.168.1.32 192.168.1.21 (Change to your desired IP)

4.Change the SSH Port

The Idea behind this , suppose we change the port 22 to something other say Oracle 1521 , the attackers thinks that this is an Oracle server and will try oracle hacking tools :)

Port 300

5.Force Logout for Idle Sessions
ClientAliveInterval 300
ClientAliveCountMax 0