...
We are using these ssh configurations
based loosely on these recommendations
- http://thinkhole.org/wp/2006/10/30/five-steps-to-a-more-secure-ssh/
- http://www.mysql-apache-php.com/ssh-attacks.htm
- http://samcaldwell.net/index.php/technical-articles/3-how-to-articles/39-how-do-i-secure-ssh-properly
We store all of our SSH users and their public keys in an internal secure location.
First, swith to root.
Code Block |
---|
$ su - root
...
|
The sshd_config gets deployed to this path:
Code Block |
---|
/etc/ssh/sshd_config
|
on each linux box.
Make sure no on has read/write on sshd_config except root.
Code Block |
---|
chmod og-rw /etc/ssh/sshd_config
chmod u+rw /etc/ssh/sshd_config
|
And be sure to restart the sshd server for the changes to take effect.
Code Block |
---|
service sshd restart
|