
Top 20 OpenSSH Server Best Security Practices

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect for keeping confidentiality and integrity for data exchanged between two networks and systems.
Default Config Files and SSH Port
/etc/ssh/sshd_config - OpenSSH server configuration file.
SSH Session in Action
#1: Disable OpenSSH Server
Workstations and laptops can work without an OpenSSH server.
#2: Only Use SSH Protocol 2
SSH protocol version 1 (SSH-1) has man-in-the-middle attack problems and security vulnerabilities.
Protocol 2
#3: Limit Users' SSH Access
By default, all system users can log in via SSH using their password or public key. To allow only the root, vivek and jerry users to use the system via SSH, add the following to sshd_config:
AllowUsers root vivek jerry
Alternatively, you can allow all users to log in via SSH but deny only a few users, with the following line:
DenyUsers saroj anjali foo
#5: Disable .rhosts Files

Find Out My Linux Distribution Name and Version
by Vivek Gite on October 25, 2007, last updated December 29, 2013
How do I find out what version of Linux distribution I'm using from the shell (bash) prompt?
You can use any one of the following methods to find out your Linux distribution and name:
a] /etc/*-release file.
b] lsb_release command.
c] /proc/version file.
Method #1: /etc/*-release file
To find out what version of Linux (distro) you are running, enter the following command at the shell prompt:
$ cat /etc/*-release
Sample output from my RHEL v5.x server:
Red Hat Enterprise Linux Server release 5 (Tikanga)
Sample outputs from my Ubuntu Linux v7.10 server:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=7.10
DISTRIB_CODENAME=gutsy
DISTRIB_DESCRIPTION="Ubuntu 7.10"
Method #2: lsb_release Command To Find Out Linux Distribution Name/Version
The lsb_release command displays certain LSB (Linux Standard Base) and distribution-specific information.
No LSB modules are available.
How Do I Find Out My Kernel Version?
Linux 2.6.32-5-amd64 x86_64
Where,

Logcheck -- Logfile Scanner
Securing your ssh server
One of the most common questions that I see in my favorite IRC channel is: “How can I secure sshd on my server?” There’s no single right answer, but most systems administrators combine multiple techniques to provide as much security as possible with the least inconvenience to the end user. Here are my favorite techniques listed from most effective to least effective:
SSH key pairs
By disabling password-based authentication and requiring ssh key pairs, you reduce the chances of compromise via a brute force attack. If you’re new to using ssh keys, there are many great guides that can walk you through the process.
Firewall
Limiting the source IP addresses that can access your server on port 22 is simple and effective. The iptables rules would look something like this:
Use a non-standard port
I’m not a big fan of security through obscurity and it doesn’t work well for ssh. If you prefer this method, simply adjust the Port configuration parameter in your sshd_config file.

DenyHosts
DenyHosts Frequently Asked Questions
What is DenyHosts?
DenyHosts is a Python script that analyzes the sshd server log messages to determine what hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host. Additionally, upon discovering a repeated attack host, the /etc/hosts.deny file is updated to prevent future break-in attempts from that host. An email report can be sent to a system admin.
Who should use DenyHosts?
Although DenyHosts is designed for use by Linux system administrators, the script can be useful to anybody running an sshd server.
Who wrote DenyHosts?
Phil Schwartz.
What steps can I take to make sshd more secure?
OpenSSH has many settings that can be adjusted in order to increase security.
What was the motivation behind DenyHosts?
I run a number of Linux servers and I noticed that one of them was hacked into.
How does DenyHosts work?
What else does DenyHosts do?
-or-
Yes.
# crontab -e

How to Setup a Firewall to Secure Your Linux Server
Setting up a firewall is the second thing you should do immediately following the setup of your Linux server (the first should be to Secure SSH Login). I’ve had great success using RackSpace Cloud Servers; they are easy to set up and use (like this one, most of my Linux-based guides will use a Rackspace Cloud Server as a starting point). I will assume you have your server started and you are ready to begin at the command prompt.
This guide uses an Ubuntu 10.04 Lucid Lynx LTS install, but these steps will work on most other Linux distributions.
Setting Up The Firewall Using Iptables
Here is how to set up a quick firewall using iptables. If there are none, you should see something like the following output:
We will be creating two files: iptables.test.rules and iptables.up.rules.
Creating TEST Rules
The following are a basic set of rules to get you started with your Linux server.
Create/open the file:
Add the following to the file:
Use the following command to apply your rules:
Creating UP Rules

SSHblock: An SSH Dictionary-Attack Blocker
SSHblock is intended to dynamically and automatically stop SSH-based dictionary attacks. Even if you have secure passwords and are sure no attacker will be able to get in, it can still be annoying to have your logs littered with “failed password” messages. SSHblock automatically blocks any IP address that fails an SSH login too many times too quickly, and automatically unblocks it after a while. How long? That depends on how many times that IP address has already been blocked; SSHblock tracks repeat offenders and applies an exponential increase algorithm to block repeat offenders for progressively increasing times. SSHblock consists of a pair of Perl scripts, a Bourne-Again rc/init script, and a file containing a couple of Swatch rules.
Features
Uses an exponential increase algorithm to ramp up the blocking time for repeat offenders.
Requirements
Perl 5.004: SSHblock is written in Perl.
iptables: SSHblock does its blocking by adding a firewall rule to iptables.
Documentation Download License

10.10 - How to update PlayOnLinux
How to Check and Repair MySQL Tables Using Mysqlcheck
When your MySQL table gets corrupted, use the mysqlcheck command to repair it. The mysqlcheck command checks, repairs, optimizes and analyzes the tables.
1. Check a Specific Table in a Database
If your application gives an error message saying that a specific table is corrupted, execute the mysqlcheck command to check that one table. The following example checks the employee table in the thegeekstuff database.
# mysqlcheck -c thegeekstuff employee -u root -p
Enter password:
thegeekstuff.employee OK
You should pass the username/password to the mysqlcheck command.
# mysqlcheck -c thegeekstuff employee
mysqlcheck: Got error: 1045: Access denied for user 'root'@'localhost' (using password: NO) when trying to connect
Please note that the myisamchk command that we discussed a while back works similarly to the mysqlcheck command.
2.
To check all the tables in a particular database, don’t specify the table name. The following example checks all the tables in the alfresco database.
