On Sun, Dec 11, 2005 at 02:56:50PM -0800, Scott Leighton wrote:
On Sunday 11 December 2005 2:41 pm, Bruno Cochofel wrote:
I need to install an ssh server and I need some information about security options. I know that there have been some kind of "attacks" on port 22 on the internet, so I want to know a little more about those options under /etc/ssh/sshd_config.
The options are pretty well documented in man 5 sshd_config
Most people seem to strongly recommend setting
Protocol 2
instead of
Protocol 1,2
and
PermitRootLogin no
instead of
PermitRootLogin yes
How about DenyGroup, DenyUsers, AllowGroup, AllowUsers? These seem useful for preventing brute force attacks on accounts like www, postgres, uucp, etc.
You will also see many people recommending you change the default port from 22 to some high port number, but I'm not so sure that makes much of a difference.
Scott
-- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.11.4-21.9-default x86_64 SuSE Linux 9.3 (x86-64)
-- David Bear phone: 480-965-8257 fax: 480-965-9189 College of Public Programs/ASU Wilson Hall 232 Tempe, AZ 85287-0803 "Beware the IP portfolio, everyone will be suspect of trespassing"
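
An added example, not part of any message in this thread: a small Python check for the settings discussed above (Protocol, PermitRootLogin and the Allow/Deny lists), which also shows why a duplicate line further down the file does not help. It assumes the defaults of OpenSSH releases of that period when a keyword is absent; the function names, finding labels and sample configs are constructed for illustration.

```python
import re

# Assumed defaults for OpenSSH releases current when this thread was written
# (applied when a keyword is absent); adjust for the version actually deployed.
ERA_DEFAULTS = {"protocol": "2,1", "permitrootlogin": "yes"}
ACCESS_LISTS = ("allowusers", "allowgroups", "denyusers", "denygroups")

def effective_settings(text):
    """Map each global keyword to the first value given for it in the file."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()        # keywords are case-insensitive
        if key == "match":            # everything after Match is conditional
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.setdefault(key, value)   # single-valued keywords: first value wins
    return seen

def audit(text, defaults=ERA_DEFAULTS):
    """Return a list of finding labels for the settings named in the thread."""
    cfg = {**defaults, **effective_settings(text)}
    findings = []
    if "1" in {p.strip() for p in cfg["protocol"].split(",")}:
        findings.append("protocol-1-enabled")
    if cfg["permitrootlogin"].lower() != "no":
        findings.append("root-login-permitted")
    if not any(k in cfg for k in ACCESS_LISTS):
        findings.append("no-user-or-group-restriction")
    return findings

# Constructed sample: the second PermitRootLogin line looks safe but is ignored.
SAMPLE = """\
# constructed example, not from the thread
protocol 1,2
PermitRootLogin yes
PermitRootLogin no
"""
# Constructed hardened config; the user names are placeholders.
HARDENED = "Protocol 2\nPermitRootLogin no\nAllowUsers alice bob\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(HARDENED))
```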