For security reasons, it's advisable to change the standard SSH port 22 to something else, so that sshd receives fewer attacks. This improves the security of your server. Furthermore, you should block root from connecting via SSH.
Open your /etc/ssh/sshd_config
Changing the port:
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
# change the port configuration – for example to 2233
Port 2233
Protocol 2
And blocking the root user:
#
# sshd uses the first value it reads for a keyword, so disable the old line
#PermitRootLogin without-password
PermitRootLogin no
#
You need to restart sshd with /etc/init.d/sshd restart. Please stay logged in as root until you've tested the new ssh setup; connect with a second console.
Now create a user account with lower permissions than root. Use this account to connect to your server via ssh, followed by the "su" command to get root permissions.
useradd -u 999 -g 100 -d /home/remotessh -m -s /bin/bash remotessh
Connecting to your server with the new port:
ssh -p 2233 yourserver.com -l remotessh
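A check worth running on the edited file before the restart described above, as an added example that is not part of the original post: sshd uses the first value it reads for a keyword, so an older PermitRootLogin line left active above "PermitRootLogin no" stays in effect. The function names global_values and audit_sshd_config are hypothetical, the sample files are constructed, and Include directives are not followed.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file.

# global_values KEYWORD FILE [first]
# Print the values of KEYWORD from the global section of FILE. With "first",
# print only the first one, which is the value sshd uses for that keyword.
global_values() {
    awk -v key="$1" -v first="$3" '
        /^[ \t]*(#|$)/              { next }   # skip comments and blank lines
        tolower($1) == "match"      { exit }   # Match blocks are conditional
        tolower($1) == tolower(key) { print $2; if (first) exit }
    ' "$2"
}

# audit_sshd_config FILE: return 0 only if port 22 is unused and root is blocked.
audit_sshd_config() {
    cfg=$1; rc=0
    ports=$(global_values Port "$cfg")             # Port may appear several times
    root=$(global_values PermitRootLogin "$cfg" first)
    if [ -z "$ports" ]; then ports=22; fi          # no Port line: sshd default
    for p in $ports; do
        if [ "$p" = 22 ]; then echo "WARN: sshd listens on port 22"; rc=1; fi
    done
    if [ "$root" != no ]; then
        echo "WARN: effective PermitRootLogin is '${root:-unset}', not 'no'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: Port $ports, PermitRootLogin no"; fi
    return "$rc"
}

# Constructed sample files (not real server configs).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# 1) old line left active above the new one: the old value stays in effect
printf '%s\n' 'Port 2233' 'Protocol 2' 'PermitRootLogin without-password' \
    'PermitRootLogin no' > "$tmp/dup"
# 2) old line commented out
printf '%s\n' 'Port 2233' 'Protocol 2' '#PermitRootLogin without-password' \
    'PermitRootLogin no' > "$tmp/ok"

for f in "$tmp/dup" "$tmp/ok"; do
    echo "== $f"; audit_sshd_config "$f" || true
done
```

On the server, call audit_sshd_config /etc/ssh/sshd_config; running sshd -t as well checks the file for syntax errors before the restart.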
Setting up a firewall with iptables to improve system security will be shown in this article.
Helpful links:
- Using keychains to avoid typing passwords again and again: http://blog.synatic.net/2008/3/29/easy-ssh-authentication-with-keychain
- A nice how-to for creating strong passwords: http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/







drexler76
December 1st, 2008
Nice hint, thanks a lot.
Michael Kolb » Blog Archive » Setup firewall with IPtables
December 1st, 2008
[...] ssh port is bind to another one, because of improving security. The last step to complete the script is the [...]