pitr.net » ssh http://www.pitr.net Sat, 11 Jul 2009 19:25:10 +0000 en hourly 1 http://wordpress.org/?v=3.0 Adding a bit of security to your server http://www.pitr.net/index.php/2008/11/07/adding-a-bit-of-security-to-your-server/ http://www.pitr.net/index.php/2008/11/07/adding-a-bit-of-security-to-your-server/#comments Fri, 07 Nov 2008 19:17:11 +0000 pj http://www.pitr.net/index.php/2008/11/07/adding-a-bit-of-security-to-your-server/ If you really need to keep your sshd running on a publicly accessible port and IP, this is a piece of configuration

that adds a tiny bit of extra security to your server. By specifying which usergroups are allowed to actually use ssh, you are guarding the default (system) accounts (which shouldn’t have easily guessable passwords in the first place!) with an extra layer.

Add a new group:

addgroup sshusers

Add the users which are allowed to connect using ssh:

vigr (and add the users to the group)

Add the following line to /etc/ssh/sshd_config:

AllowGroups sshusers

And restart sshd. Make sure that you have a working ssh session when testing out the changes!

]]> http://www.pitr.net/index.php/2008/11/07/adding-a-bit-of-security-to-your-server/feed/ 0