SSH Security
Changing SSH Port
Log in as root.
To find your current port, run the following command
# cat /etc/ssh/sshd_config | grep Port
If you would like to change the port, open /etc/ssh/sshd_config with your favorite editor and change the Port line. Many users have noted that running SSH on SSL-enabled ports works for getting around firewalls
Normal Service | Port |
https | 443 |
pop3 ssl | 993 |
smtp ssl | 465 |
Run the following command to reload the SSH daemon
# /etc/init.d/sshd restart
Disable Password Logins
WARNING: if you did not set up your public keys, you will have to log in via the prgmr console and fix everything manually
To check whether password logins are enabled, run the following command as root
# cat /etc/ssh/sshd_config | grep PasswordAuthentication
If it returns
PasswordAuthentication no
then password logins are already disabled. If there is a # at the beginning of the line, you must remove the # before it will take effect.
To disable password logins, open /etc/ssh/sshd_config with your favorite editor and look for the following
PasswordAuthentication yes
Change it to
PasswordAuthentication no
If you do not see the PasswordAuthentication line, you may need to add it.
You need to reload the ssh server for the changes to appear
# /etc/init.d/ssh reload
Disable Root Logins
WARNING: if you did not set up a user account and you are only using the root account, please make a user account first
To check whether root logins are enabled, run the following command as root
# cat /etc/ssh/sshd_config | grep PermitRootLogin
If it returns
PermitRootLogin no
then root logins are already disabled.
To disable root logins, open /etc/ssh/sshd_config with your favorite editor and look for the following
PermitRootLogin yes
Change it to
PermitRootLogin no
If you do not see the PermitRootLogin line, you may need to add it.
You need to reload the ssh server for the changes to appear
# /etc/init.d/ssh reload
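The grep checks in the two sections above can be combined into one audit. This is an added example, not part of the original page: it reports the value sshd would actually use, so a commented-out or missing line shows up as not set. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the value sshd would actually use for a keyword.
# sshd_config rules relied on here: keywords are case-insensitive, lines
# starting with '#' are ignored, the first occurrence of a keyword wins,
# and global settings end at the first Match block.

# effective_value KEYWORD FILE -> prints the value, or nothing if unset
effective_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                    # commented out: no effect
        tolower($1) == "match" { exit }        # global section is over
        tolower($1) == key { print $2; exit }  # first occurrence wins
    ' "$2"
}

# audit FILE -> prints one line per setting, returns 1 if any is weak
audit() {
    rc=0
    for pair in "PasswordAuthentication:no" "PermitRootLogin:no"; do
        key=${pair%%:*}; want=${pair##*:}
        got=$(effective_value "$key" "$1")
        if [ "$got" = "$want" ]; then
            echo "OK    $key $got"
        else
            echo "WEAK  $key ${got:-<not set, built-in default applies>}"
            rc=1
        fi
    done
    port=$(effective_value Port "$1")
    echo "INFO  Port ${port:-22 (default)}"
    return $rc
}

# Constructed sample config (not from a real host): the
# PasswordAuthentication line is commented out, so it does not apply,
# and the second PermitRootLogin line is ignored.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Port 443
#PasswordAuthentication no
PermitRootLogin no
permitrootlogin yes
EOF
audit "$sample" || echo "sample config still allows a weak login method"
```

This reads a single file only. On a live server, `sshd -T` run as root prints the configuration sshd resolves, including any Include files.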
Using openssh keys
To generate a set of SSH keys, use the following command
# ssh-keygen -t rsa
Definition of passphrase:
A password that comprises a whole phrase
http://en.wiktionary.org/wiki/passphrase
An example passphrase could be
my cat likes to eat flys
Now for more security we could replace common letters with numbers
my cat lik35 t0 3at fly5
After you have generated your key, you need to upload it to your host. The most common way is via scp
# scp ~/.ssh/id_rsa.pub username@example.com:~
Now log in to your server and run the following commands
# mkdir .ssh
# cat id_rsa.pub >> .ssh/authorized_keys
# rm id_rsa.pub