Ubuntu – Securing SSH or OpenSSH

Posted on Posted in Technology No Comments

Background

Concern that having SSH/OpenSSH running with the default configuration (/etc/ssh/sshd_config) exposes an attack vector increasing the risk of Ubuntu being compromised.

Issue

The more externally available services running on a system, the greater the risk of attracting unwanted visitors. The default configuration of SSH is fairly flexible in order to accommodate most users, but the universal flexibility comes at the cost of security.

Solution

Four important modifications: change the port, use keys rather than passwords, disable password-based authentication, and disable root login. All of these modifications are made in the /etc/ssh/sshd_config file, as outlined below:

  • Change the default port from 22 to another port: Port 12345
  • Setup ssh keys for user accounts: Great guide
  • Disable password-based authentication for all accounts: PasswordAuthentication no
  • Disable root login access, or at least restrict root login access to key-based authentication: PermitRootLogin no

Sources

Disabling password-based authentication: http://www.linux.org/threads/how-to-force-ssh-login-via-public-key-authentication.4253/
Setting up ssh keys for user accounts: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys–2
More options: https://help.ubuntu.com/community/SSH/OpenSSH/Configuring

Leave a Reply

Your email address will not be published. Required fields are marked *

*