l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2003 Aug 04 22:23

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Securing SSH
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Securing SSH

I consider most of these steps pretty paranoid, since ssh is pretty
secure in the first place (at least the current version anyways).

Besides the things mentioned by other people:
	Do you have physical security?
	BIOS and GRUB/LILO passwords might help the casual physical attack
	Have only the required ports open, use nmap to verify (locally and
	You are fully patched right?
	All non-used user accounts closed
	All open accounts have NULL passwords (use ssh-keys for access)
	Do you have backups?
	Are they secure as well.
	Do you need encrypted swap?
	Encrypted FS?

On Fri, Aug 01, 2003 at 11:50:41AM -0700, Daniel Hurt wrote:
> I know the title is kind of redundant, but I was curious if there is 
> anything beyond these couple of steps that I have taken to secure ssh?
> First I have edited the /etc/securetty to contain only these entries:
> tty1
> tty2
> tty3
> tty4
> tty5
> tty6
> This is to allow root to login from the local console only.  I have also 
> edited the sshd_conf file to disallow root logins.  This box is sitting 
> behind a router that only has port 22 forwarded to this machine and I have 
> setup the router so that it does not respond to ping request from the 
> outside world.  The final thing, I could think of is to set hosts.allow to 
> the certain IPís that I might connect from, but I would like to connect 
> from anywhere to this machine.  Is there anything else that I might 
> consider to help keep the machine secure?
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech

Bill Broadley
UC Davis
vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.