Table of Contents
How to Audit SSH
/etc/ssh/sshd_config file has many options. Fortunately in a typical environment you have to only focus on a few options to ensure safety. The values you should audit are:
In some environments setting
Port to something else apart from the default of
22 is a good practice. At the minimum this should thrart common port scanners. But be aware, a nefarious hacker will scan the other ports and pretty soon they might be break into those too.
On most systems it’s undesirable to have
PermitRootLogin set to
no. On Debian based systems this is especially true, because the default installation workflow discourages creating a root user.
If you have working key-based access to a Linux server, it’s desirable to switch off PasswordAuthentication. This is especially important because it will highly discourage port scanners.
When PermitRootLogin doesn’t work
Here is a workaround for when PermitRootLogin doesn’t work.
No Internet facing Linux server should ever have SSH enabled for password login. You should be using key-based access (if you don’t know how then please learn). Here are the reasons why password login for SSH should not be enabled:
- Someone will try to hack it
- Even if they don’t hack it, continuous prodding of incorrect usernames on SSH port will be like a DoS.
The easy way to fix this problem of SSH servers that have password access is to simply do this:
vi /etc/ssh/sshd_config PermitRootLogin no
Of course you should only do that once your key has been copied across.
But what if this doesn’t work? I’ve had hit and miss with this over the years. I think it’s either because Redhat and Debian deritivates differ, or because SSH versions differ. Only recently I discovered if you try the above and you’re sure your key is already on the box, and it still doesn’t work, you can do this:
vi /etc/ssh/sshd_config PermitRootLogin without-password
As usual always remember to restart SSH for the changes to take effect:
service sshd restart
Thanks for watching. Contact us or leave a comment if you have any questions.