Securing SSH Access

Posted on December 26th, 2011 | Categories: Linux

One of the most common mistakes people make when they allow SSH access to a server over the public internet is allowing direct root access to the server. Some small organizations host their websites on a single VPS in a cloud, or use that VPS for other purposes, and their hosting provider will only provide them SSH access.

Hackers will always try to access your server using “root” and keep trying random passwords, and sometimes they do get lucky because someone just used a dictionary password instead of a complex strong password.

Here is a simple way to make it very challenging for a hacker to break into your SSH: double the layers of access to your server. This means that the user has to log in using a user account that exists on the system first, and then switch to root using “su -” to get root access. Therefore, you’re making it impossible for this hacker to gain access to your server by guessing the root password over SSH.

Here is how you do it:

1. Create a new user

[root@myserver /]# useradd mynewuser
[root@myserver /]# passwd mynewuser
Changing password for user mynewuser.
New UNIX password:*********
Retype new UNIX password:**********
passwd: all authentication tokens updated successfully.

Choose a complex password that looks something like this: X5jtnR$!68-?/1@

2. Now you need to allow that user access to SSH and at the same time deny “root” direct access to SSH in the /etc/ssh/sshd_config file. In this example I will use the “nano” editor; you may also use “vi” if you like, it's up to you.

[root@myserver /]# nano /etc/ssh/sshd_config

3. Go to the very bottom of the sshd_config file and add the following 2 lines:

DenyUsers root
AllowUsers mynewuser

If more than one user needs access, add them to the same line and leave a space between each user.

4. Save the file, then restart the sshd service in order for the new configurations to take effect.

[root@myserver /]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

5. Now log off your SSH session and try to log in as root; it should not let you in!

You have to log in with the “mynewuser” account first, then switch to root:

login as: mynewuser
password: ********
[mynewuser@myserver ]$ su -
password: **********
[root@myserver /]#
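
A check for step 3, as an added example that is not part of the original post: the shell function below (ssh_login_policy, a hypothetical name) reads an sshd_config-style file and reports whether a user passes the global DenyUsers/AllowUsers lists, treating lines placed after a Match line as belonging to that block rather than to the global policy. The two sample files are constructed, and only plain user names are handled (no patterns or user@host entries).

```shell
#!/bin/sh
# Added example: evaluate the global AllowUsers/DenyUsers lists of an
# sshd_config-style file for one user. Simplification: plain user names only.

ssh_login_policy() {   # usage: ssh_login_policy <config-file> <user>
    awk -v user="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { key = tolower($1) }                    # keywords are case-insensitive
        key == "match" { in_match = 1; next }    # later lines belong to this block
        key == "allowusers" || key == "denyusers" {
            if (in_match) { scoped = 1; next }   # not part of the global policy
            for (i = 2; i <= NF; i++) {
                if (key == "allowusers") { have_allow = 1; if ($i == user) listed = 1 }
                else if ($i == user) denied = 1
            }
        }
        END {
            # DenyUsers wins; once any AllowUsers exists, unlisted users are refused
            verdict = (denied || (have_allow && !listed)) ? "denied" : "allowed"
            print verdict
            if (scoped) print "warning: user list inside a Match block" > "/dev/stderr"
        }
    ' "$1"
}

# Constructed sample 1: the two lines from step 3 at the end of a plain file.
good_cfg=$(mktemp)
printf '%s\n' 'Port 22' 'DenyUsers root' 'AllowUsers mynewuser' > "$good_cfg"

# Constructed sample 2: the same lines appended after an existing Match block.
match_cfg=$(mktemp)
printf '%s\n' 'Port 22' 'Match Group sftponly' '    ForceCommand internal-sftp' \
    'DenyUsers root' 'AllowUsers mynewuser' > "$match_cfg"

for u in root mynewuser otheruser; do
    echo "plain file, $u: $(ssh_login_policy "$good_cfg" "$u")"
    echo "after Match, $u: $(ssh_login_policy "$match_cfg" "$u" 2>/dev/null)"
done
```

Run `sshd -t` to check the edited file for syntax errors before the restart in step 4, and keep the current root session open until the new login has been tested.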
