Simple strategies to secure ssh server

Ssh is perhaps the most secure remote shell around, and at the same time the most abused one too. I have like a thousand attempts on my servers on the default ssh port, 22. The tries are mostly dictionary attacks and brute forcing. The default security of ssh, which delays logins, together with the use of strong passwords usually suffices to tackle this.

How do attackers plan and execute a dictionary attack?

First of all, “nmap” is used to check whether port 22 is open and serving; then a script executes a dictionary attack on the port. This attack may run for years, trying out various commonly used passwords and phrases. I sometimes wonder that if the ssh password is weak, the chances of my systems getting hacked are pretty high! In situations where one cannot stop the ssh service, this is a real problem. I can enforce difficult passwords for my users, but the attacks would still go on. And they also come from across the globe, on most servers, at port 22!

Solution: Change the default port to some other random port, say port 9200. There are a number of advantages to this. Firstly, the nmap check on port 22 would not return an open port. I always use some random port on my systems and the attacks are now negligible.

How to do it?

Change the default port from 22 to some other number.

# In file /etc/ssh/sshd_config :
# ------------------------------------------
Port 9200

Restart the ssh server:

# service ssh restart

The commands required to log in to an ssh server on a non-default port are described in this post: http://arpandubey.com/?p=468

More options to secure ssh

  1. Disable root login via ssh: set the option PermitRootLogin to no in /etc/ssh/sshd_config
  2. Only allow selected users to log in via ssh: set AllowUsers username1 username2 in /etc/ssh/sshd_config
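
An added example, not from the original post: a POSIX shell function that audits the global section of an sshd_config for the three settings covered above (the port, root login and the AllowUsers list). The name audit_sshd_config and the sample file are constructed for illustration; a non-default port only hides sshd from checks aimed at port 22, so the other two settings are reported as well.

```sh
#!/bin/sh
# Added example (not from the original post). audit_sshd_config is a
# hypothetical helper name. It reads only the global section of the file:
# Match blocks, Include files and the keyword=value form are not handled.

audit_sshd_config() {    # $1 = path; exit status 1 if any line is WARN
    awk '
        function report(ok, msg) {
            printf "%s %s\n", (ok ? "OK  " : "WARN"), msg
            if (!ok) warn++
        }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        { key = tolower($1) }              # keywords are case-insensitive
        key == "match" { exit }            # global section ends here
        key == "port" {                    # Port may appear more than once
            ports = ports (ports == "" ? "" : ",") $2
            if ($2 == "22") on22 = 1
        }
        key == "permitrootlogin" && root == "" { root = tolower($2) }  # first value wins
        key == "allowusers" {              # repeated lines accumulate
            for (i = 2; i <= NF; i++) users = users (users == "" ? "" : ",") $i
        }
        END {
            if (ports == "") { ports = "22 (default)"; on22 = 1 }
            report(!on22, "Port " ports)
            report(root == "no", "PermitRootLogin " (root == "" ? "(not set)" : root))
            report(users != "", "AllowUsers " (users == "" ? "(not set)" : users))
            exit (warn > 0)
        }
    ' "$1"
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 9200
permitrootlogin no
PermitRootLogin yes
AllowUsers username1 username2
EOF
audit_sshd_config "$sample" || echo "review the WARN lines before restarting sshd"
rm -f "$sample"
```

After editing the real file, `sshd -t` checks it for syntax errors before the restart, and `sshd -T` prints the effective configuration.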

You may find many more system hardening tweaks at the Stack Exchange website.

Comments Warmly Accepted. Regards.

 
