Since we are using cloud-based resources, we use key-based SSH access to our Linux servers.
We are using these SSH configurations,
based loosely on these recommendations:
- http://thinkhole.org/wp/2006/10/30/five-steps-to-a-more-secure-ssh/
- http://www.mysql-apache-php.com/ssh-attacks.htm
- http://samcaldwell.net/index.php/technical-articles/3-how-to-articles/39-how-do-i-secure-ssh-properly
We store all of our SSH users and their public keys in an internal secure location.
First, switch to root.

```
$ su - root ...
```
The sshd_config gets deployed to this path on each Linux box:

```
/etc/ssh/sshd_config
```
Make sure no one except root has read/write access to sshd_config.

```
chmod og-rw /etc/ssh/sshd_config
chmod u+rw /etc/ssh/sshd_config
```
And be sure to restart the sshd server for the changes to take effect.

```
service sshd restart
```
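
The permission step and the restart can be combined into one guarded procedure that refuses to restart sshd if the deployed file is not locked down or does not parse. This is an added example, not part of the original page; the function names are hypothetical, and it assumes GNU `stat` and `sshd` on root's PATH.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the original page.
# Assumes GNU coreutils stat (Linux) and sshd on root's PATH.

CONFIG=/etc/ssh/sshd_config

# True only if the owner has read+write and group/other have neither,
# which is the state left by `chmod og-rw` followed by `chmod u+rw`.
perms_locked_down() {
    pl_mode=$(stat -c '%a' "$1") || return 2   # octal mode, e.g. 600
    pl_bits=$(( 0$pl_mode ))                   # leading 0 => parsed as octal
    [ $(( pl_bits & 0600 )) -eq $(( 0600 )) ] && [ $(( pl_bits & 066 )) -eq 0 ]
}

# True if the file's numeric owner matches the given uid (0 = root).
owned_by_uid() {
    [ "$(stat -c '%u' "$1")" = "$2" ]
}

# Check ownership and permissions, validate syntax, and only then restart.
apply_sshd_config() {
    owned_by_uid "$CONFIG" 0 || {
        echo "$CONFIG is not owned by root" >&2; return 1; }
    perms_locked_down "$CONFIG" || {
        echo "unexpected permissions on $CONFIG" >&2; return 1; }
    # sshd -t parses the file and exits non-zero on errors, so a broken
    # config never reaches the running daemon and locks out key-based logins.
    sshd -t -f "$CONFIG" || {
        echo "sshd -t rejected $CONFIG; not restarting" >&2; return 1; }
    service sshd restart
}
```

Run `apply_sshd_config` as root after deploying the file, and keep an existing SSH session open until a new login succeeds.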