SSH Cheat Sheet

How to Audit SSH

The /etc/ssh/sshd_config file has many options. Fortunately, in a typical environment you only need to focus on a few of them to get a safe baseline. The values you should audit are:

  • Port
  • PermitRootLogin
  • PasswordAuthentication

Port

In some environments, setting Port to something other than the default of 22 is reasonable practice. Understand what it buys you: it cuts the noise from opportunistic bots that only ever try port 22, and nothing more. A determined attacker will scan the other ports, find sshd within minutes, and be back at the same door, so treat the port change as a convenience rather than a security control.

PermitRootLogin

On most systems it's undesirable to have PermitRootLogin set to yes; the safe value is no, so that root cannot log in directly over SSH at all. On Debian-based systems this costs nothing, because the default installation workflow expects you to work from a regular account with sudo rather than log in as root.

PasswordAuthentication

If you have working key-based access to a Linux server, switch PasswordAuthentication off. This is the setting that matters most: once sshd accepts no passwords, brute-force and credential-stuffing attempts against the port cannot succeed no matter how many of them arrive. Scanners will still see the port open and still knock; they just get nothing from it.
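To check these three values the way sshd actually reads them (the first occurrence of a keyword wins and later duplicates are ignored, keywords are case-insensitive, anything after # is a comment, and lines under a Match block apply only conditionally), here is an added audit script. It is example code written for this page, not part of the original cheat sheet or of OpenSSH; the function names are mine, the sample config it writes is constructed, and it does not follow Include directives.

```shell
#!/bin/sh
# Added audit helper for the three sshd_config settings discussed above.
# sshd reads its config like this: the FIRST occurrence of a keyword wins
# and later duplicates are ignored, keywords are case-insensitive, '#' starts
# a comment, and anything under a "Match" line applies only conditionally.
# Assumptions: function names are mine; Include directives are not followed
# and the "Keyword=value" spelling is not handled.

# sshd_effective_value FILE KEYWORD [DEFAULT]
# Print the value sshd would use for KEYWORD in FILE, or DEFAULT if unset.
sshd_effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/#.*/, "") }                       # drop comments, re-split fields
        tolower($1) == "match" { exit }          # conditional block: stop here
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE
# One line per setting; returns 1 if anything is rated FAIL.
audit_sshd_config() {
    f="$1"; rc=0
    port=$(sshd_effective_value "$f" Port 22)
    # OpenSSH 7.0+ defaults PermitRootLogin to prohibit-password; older
    # releases defaulted to yes, so an unset value on an old box is worse.
    root=$(sshd_effective_value "$f" PermitRootLogin prohibit-password | tr 'A-Z' 'a-z')
    pw=$(sshd_effective_value "$f" PasswordAuthentication yes | tr 'A-Z' 'a-z')

    if [ "$port" = "22" ]; then
        echo "INFO Port 22 (default; changing it only reduces bot noise)"
    else
        echo "INFO Port $port (non-default; still found by a full port scan)"
    fi

    case "$root" in
        no)  echo "OK   PermitRootLogin no" ;;
        without-password|prohibit-password)
             echo "WARN PermitRootLogin $root: root may log in, keys only" ;;
        forced-commands-only)
             echo "WARN PermitRootLogin $root: root keys limited to forced commands" ;;
        *)   echo "FAIL PermitRootLogin $root: root may log in by any method"; rc=1 ;;
    esac

    case "$pw" in
        no)  echo "OK   PasswordAuthentication no" ;;
        *)   echo "FAIL PasswordAuthentication $pw: password guessing is possible"; rc=1 ;;
    esac
    return $rc
}

# write_sample_config FILE
# Constructed sample for the demo (not taken from a real host).
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 2222
PermitRootLogin no          # first occurrence: this one counts
PasswordAuthentication yes
PermitRootLogin yes         # duplicate: sshd ignores it
Match User backup
    PasswordAuthentication no   # conditional, only for user backup
EOF
}

if [ "${1:-}" = "--demo" ]; then
    cfg=$(mktemp)
    write_sample_config "$cfg"
    audit_sshd_config "$cfg"; echo "exit status: $?"
    rm -f "$cfg"
fi
```

Run it with --demo to see the sample audited; point audit_sshd_config at /etc/ssh/sshd_config for a real host. On a live system, sshd -T prints the values sshd will actually use, Include drop-ins and all, and is the final word when the two disagree.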

When PermitRootLogin doesn’t work

Here is a workaround for the case where a PermitRootLogin change does not seem to take effect.

No Internet-facing Linux server should have SSH password login enabled. Use key-based access (if you don't know how, learn it before exposing the box). Here are the reasons password login for SSH should not be enabled:

  • Someone will try to brute-force it.
  • Even if they never get in, the continuous stream of failed logins against the SSH port fills the logs and costs a key exchange per attempt, which amounts to a low-grade DoS.

The quick fix usually applied to an SSH server that still accepts passwords is to edit the config:

vi /etc/ssh/sshd_config
PermitRootLogin no

Of course you should only do that once your key has been copied across.

Be clear about what that line does: it stops root from logging in by any method, key included. It does not stop password logins for other accounts; for that the directive is PasswordAuthentication no, as listed in the audit section above.

But what if this doesn't work? I've had hit and miss with this over the years. I think it's either because Red Hat and Debian derivatives differ, or because SSH versions differ. Only recently I discovered that if you try the above and you're sure your key is already on the box, and it still doesn't work, you can do this:

vi /etc/ssh/sshd_config
PermitRootLogin without-password

What without-password actually means is: root may log in with a key but never with a password. OpenSSH 7.0 and later spell this value prohibit-password (it is also their default) and still accept the old spelling, so use whichever your sshd understands. If the complaint is that root can no longer log in with a key after setting PermitRootLogin no, that is the directive working as written, not a bug.

Two other things make an edit look like it had no effect. sshd uses the first value it sees for a keyword and silently ignores later duplicates, so an earlier line in the file wins. And on current Debian and Ubuntu the main file begins with Include /etc/ssh/sshd_config.d/*.conf, so a drop-in there (cloud-init commonly leaves one that turns PasswordAuthentication back on) beats anything you set further down. Run sshd -T to print the values sshd will actually use, and sshd -t to syntax-check the file before restarting.

As usual, always remember to restart SSH for the changes to take effect:

service sshd restart

On Debian and Ubuntu the service is named ssh rather than sshd (systemctl restart ssh on systemd hosts). Keep your current session open and confirm a fresh login works before you close it.
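The whole procedure above, as an added example (not the original page's code and not an OpenSSH tool): prove the key works, harden a copy of sshd_config by putting the wanted values first, where they beat any later duplicate or Include drop-in, then let sshd -t validate it before installing and restarting. The sample config is constructed in the shape of a current Ubuntu file; the function names are assumptions.

```shell
#!/bin/sh
# Added example of the procedure above, not the page's original code and not
# an OpenSSH tool. Function names and the sample config are my assumptions.
# Idea: sshd uses the FIRST value it sees for a keyword, so putting the wanted
# values at the very top of the file beats later duplicates and any
# "Include /etc/ssh/sshd_config.d/*.conf" drop-in that re-enables passwords.

# key_login_works USER@HOST
# Step 1: prove key auth works BEFORE touching the config. BatchMode refuses
# any password prompt, so success here means a key (or agent) did the job.
key_login_works() {
    ssh -o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=5 "$1" true
}

# harden_sshd_config SRC DST
# Step 2: write a hardened copy. Original top-level lines for the overridden
# keywords are kept but commented out; lines inside Match blocks are untouched.
harden_sshd_config() {
    src="$1"; dst="$2"
    {
        echo "# hardened values placed first: sshd keeps the first value it sees"
        echo "PermitRootLogin prohibit-password"     # use without-password on sshd < 7.0
        echo "PasswordAuthentication no"
        # Also close the keyboard-interactive path, which PAM can use to ask
        # for a password even when PasswordAuthentication is off. The old
        # keyword name is an accepted alias on OpenSSH 8.7+ and the only
        # spelling older releases know.
        echo "ChallengeResponseAuthentication no"
        awk '
            tolower($1) == "match" { inmatch = 1 }
            !inmatch && (tolower($1) == "permitrootlogin" ||
                         tolower($1) == "passwordauthentication" ||
                         tolower($1) == "challengeresponseauthentication" ||
                         tolower($1) == "kbdinteractiveauthentication") {
                print "# " $0 "   # superseded by the hardened value at the top"
                next
            }
            { print }
        ' "$src"
    } > "$dst"
}

# apply_sshd_config NEWFILE [TARGET]
# Step 3: let sshd parse the new file; install and restart only if it passes.
# Run this from a session you keep open, then log in again in a second
# terminal to confirm before closing the first one.
apply_sshd_config() {
    new="$1"; target="${2:-/etc/ssh/sshd_config}"
    sshd -t -f "$new" || { echo "sshd rejected $new; nothing changed" >&2; return 1; }
    cp -p "$target" "$target.bak.$(date +%s)"
    cp "$new" "$target"
    # Unit name differs: sshd on RHEL-family, ssh on Debian/Ubuntu.
    if command -v systemctl >/dev/null 2>&1; then
        systemctl restart sshd 2>/dev/null || systemctl restart ssh
    else
        service sshd restart 2>/dev/null || service ssh restart
    fi
    echo "installed; effective values now:"
    sshd -T | grep -iE '^(port|permitrootlogin|passwordauthentication|kbdinteractiveauthentication|challengeresponseauthentication) '
}

# write_ubuntu_style_config FILE
# Constructed sample in the shape of a current Ubuntu file (not a real host).
write_ubuntu_style_config() {
    cat > "$1" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
Port 22
PermitRootLogin yes
PasswordAuthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication no
EOF
}

if [ "${1:-}" = "--demo" ]; then
    src=$(mktemp); out=$(mktemp)
    write_ubuntu_style_config "$src"
    harden_sshd_config "$src" "$out"
    cat "$out"            # inspect; then, as root: apply_sshd_config "$out"
    rm -f "$src" "$out"
fi
```

Order matters: key_login_works user@host first, then harden a copy, then apply_sshd_config from a session you do not close until a second login has succeeded. The backup it leaves beside sshd_config is what you copy back from the console if that second login fails.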

Thanks for watching. Contact us or leave a comment if you have any questions.
