Posted on July 26th, 2011Secure Shell (SSH) has been constructed with regards to security. Previously, customers often accessed Telnet in order to gain connection to their servers; however, this was the time, when servers were located right across the hall, not widely spread across the infinite internet. Secure Shell provides an additional layer of encryption to the communication, ensuring that the users can connect with the dedicated server or the virtual private server (VPS) without having to feel wary of any threat from malicious activity, such as the capturing of their password.
Even though, by default, SSH is far more protected than other Internet procedures, more can be done in order to secure it even further. The following tips will help you maintain greater security:
1. Restrict Root logins: In an ordinary situation, you have no motive to permit straight root logins to your server. Although the system administrator can be one of the roots once it has logged in (using su or sudo), it is far too dangerous to make your root account open to the entire Internet. If root logins are limited and controlled, hackers will have difficulty gaining access to them irrespective of whether they gain knowledge of the password or not.
2. Jail users in chroot directories: Servers, belonging to Linux and UNIX, provide the ability of restricting ordinary users from doing something dangerous, such as removing all the documents;, however, nothing can be done about viewing the files. With chroot, you give users access to only their own /home directories.
3. Install Brute Force Detection software: Malicious hackers can make use of forcible methods in an attempt to gain knowledge of your password and carry out malevolent activity on your server. Suitable brute force detection software can reduce the effect of such attacks as soon as they begin.
4. Maintain secure password and periodic rotations: Being the sysadmin, you have the ability to manage the requirements regarding the strength of the password along with making it compulsory for users to modify their password after a period of time.
5. Set the Timeout Interval: An extremely helpful feature, a part of SSH configuration file, is that it allows you to determine a timeout interval, disallowing users from staying logged in, irrespective of whether they have forgotten to logout . This allows you to manage better, stopping people from illegally gaining access to always-logged-in accounts.