https://www.linux.com/learn/5-ssh-hardening-tips
BROUGHT TO YOU BY CARLA SCHRODER
JUNE 29, 2016
Make your OpenSSH sessions more secure with these simple tips.
14-07-2016 15:48
When you look at your SSH server logs, chances are they are full of
attempted logins from entities of ill intent. Here are 5 general ways (along
with several specific tactics) to make your OpenSSH sessions more secure.
This example creates a new 3072-bit RSA key pair, which is stronger than
the default 2048 bits, and gives it a unique name so you know which
server it belongs to:
$ ssh-keygen -t rsa -b 3072 -f id_mailserver
This creates two new keys, id_mailserver and id_mailserver.pub. id_mailserver
is your private key -- do not share this! Now securely copy your public key
to your remote server with the ssh-copy-id command. You must already
have a working SSH login on the remote server:
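An added example, not part of the original article: before copying a public key to a server, confirm that the named pair has the requested size and that the .pub file really belongs to the private key. It assumes OpenSSH's ssh-keygen is installed; the function names, the scratch directory, the key comment and the empty passphrase (demo only) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): sanity-check a named key pair
# before its public half is copied to a server.

# Bit length that ssh-keygen -l reports for a key file.
key_bits() {
    ssh-keygen -l -f "$1" | awk '{print $1}'
}

# Succeed only if $2 (.pub file) is the public half of private key $1.
pub_matches_private() {
    derived=$(ssh-keygen -y -f "$1" | awk '{print $1, $2}') || return 1
    stored=$(awk '{print $1, $2}' "$2") || return 1
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# Create id_mailserver and id_mailserver.pub in directory $1.
# The empty passphrase (-N "") is only so this demo runs unattended.
make_demo_key() {
    ssh-keygen -q -t rsa -b 3072 -N "" -C "constructed-demo-key" -f "$1/id_mailserver"
}

# Demo run in a scratch directory that is removed afterwards.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_key "$dir" || return 1
    echo "bits: $(key_bits "$dir/id_mailserver.pub")"
    if pub_matches_private "$dir/id_mailserver" "$dir/id_mailserver.pub"; then
        echo "pair OK; next: ssh-copy-id -i id_mailserver.pub user@remoteserver"
    else
        echo "public key does not match private key" >&2
    fi
    rm -rf "$dir"
}

demo
```

For a real key, omit `-N ""` so that ssh-keygen prompts for a passphrase.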
5 Comments
GRUNCH | JULY 5, 2016
IAN_MARTIN | JUNE 30, 2016
I could be wrong, but haven't you missed a rename?
$ ssh-copy-id -i id_rsa.pub user@remoteserver
will copy the id_rsa.pub file, which I believe is the default file
created by ssh-keygen; however in the paragraph before you've
changed the default filename:
ssh-keygen -t rsa -b 3072 -f id_mailserver
so one instruction or other needs to be amended.
CSCHRODER | JULY 12, 2016
ELDER-GEEK | JUNE 29, 2016
Typically I have changed the port ssh is on and run fail2ban and
disabled password logins.
Is there really any more security to be gained at this point by
disabling root logins?
KUSTODIAN | JUNE 29, 2016