Secure Your Server With SSH Access

Secure Shell (SSH), sometimes known as Secure Socket Shell, is a UNIX-based command interface and protocol for securely getting access to a remote computer. It is widely used by network administrators to control Web and other kinds of servers remotely.

SSH is actually a suite of three utilities – slogin, ssh, and scp – that are secure versions of the earlier UNIX utilities, rlogin, rsh, and rcp. SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted.

These measures can be taken to secure your server, with SSH access.

Udate OS, Apache and CPanel to the latest stable versions.

This can be done from WHM/CPanel.

Restrict SSH Access

To restrict and secure SSH access, bind sshd to a single IP that is different than the main IP to the server, and on a different port than port 22.

SSH into server and login as root.

At command prompt type: vi /etc/ssh/sshd_config

Scroll down to the section of the file that looks like this:

Port 22

Protocol 2, 1

ListenAddress 0.0.0.0

ListenAddress ::

Uncomment and change

Port 22

to look like

Port 5678 (choose your own 4 to 5 digit port number (49151 is the highest port number)

Uncomment and change

Protocol 2, 1

to look like

Protocol 2

Uncomment and change

ListenAddress 0.0.0.0

to look like

ListenAddress 123.123.123.15 (use one of your own IP Addresses that has been assigned to your server)

Note 1: If you would like to disable direct Root Login, scroll down until you find

PermitRootLogin yes

and uncomment it and make it look like

PermitRootLogin no

Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard.

Note 2: You can also create a custome nameserver specifically for your new SSH IP address. Just create one called something like ssh.xyz.com or whatever. Be sure to add an A address to your zone file for the new nameserver.

Now restart SSH

At command prompt type: /etc/rc.d/init.d/sshd restart

Exit out of SSH, and then re-login to SSH using the new IP or nameserver, and the new port.

Note: If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very unsecure protocol, so change your root password after you use it.

Disable Telnet

To disable telnet, SSH into server and login as root.

At command prompt type: vi /etc/xinetd.d/telnet

change disable = no to disable = yes

Save and Exit

At command prompt type: /etc/init.d/xinetd restart

Server e-mail everytime someone logs in as root

To have the server e-mail you everytime someone logs in as root, SSH into server and login as root.

At command prompt type: pico .bash_profile

Scroll down to the end of the file and add the following line:

echo ‘ALERT – Root Shell Access on:’ date who | mail -s “Alert: Root Access from who | awk '{print $6}'[email protected]

Save and exit.

Set an SSH Legal Message

To an SSH legal message, SSH into server and login as root.

At command prompt type: vi /etc/motd

Enter your message, save and exit.

Note: I use the following message…

ALERT! You are entering a secured area! Your IP and login information have been recorded. System administration has been notified.

This system is restricted to authorized access only. All activities on this system are recorded and logged. Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.â€

Now everytime someone logs in as root, they will see this message…

Disable Shell Accounts

Disable identification output for Apache

To disable the version output for proftp, SSH into server and login as root.

At command prompt type: vi /etc/httpd/conf/httpd.conf

Scroll (way) down and change the following line to

ServerSignature Off

Restart Apache

At command prompt type: /etc/rc.d/init.d/httpd restart

Get in touch with us.

Leave a Comment

Your email address will not be published. Required fields are marked *