Securing SSH – for better security of SSH connections.
Disabling root login and changing the listening port.
1. Create a user for SSH, such as sshadminz.
2. Give the user wheel privileges through WHM.
3. In /etc/ssh/sshd_config, change the entry PermitRootLogin to no.
4. In /etc/ssh/sshd_config, change the entry #Port to Port xxxx (the port you need; make sure that port is open in csf/iprules).
5. Restart the sshd service.
>ssh sshadminz@***.***.***.*** -p xxxx
Setting an SSH Legal Message
The message is contained within the following file: /etc/motd
ALERT! You are entering a secured area! Your IP and login information
have been recorded. System administration has been notified.
This system is restricted to authorized access only. All activities on
this system are recorded and logged. Unauthorized access will be fully
investigated and reported to the appropriate law enforcement agencies.
SSH In /etc/ssh/sshd_config,
#Protocol 2, 1
should be changed as
Restart ssh service
# Only allow the following users SSH Access
AllowUsers User1 User2 etc
# Deny access to the following users
DenyUsers admin etc
# Set the timeout period for idle sessions (in seconds)
# Disable Host-Based Authentication
# Remove ability to login as Root
# Change the default SSH Port (not essential, but it can help; uncomment if you want)
# Consider CHRooting users to their own directories.
# Subsystem sftp internal-sftp
#Match group sftponly
# ChrootDirectory /home/%u
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand internal-sftp
# Disable empty passwords from login
# Set your required Log Level (Either INFO or DEBUG)
# Turn on privilege separation
# Prevent the use of insecure home directory and key file permissions
# Turn on reverse name checking
# Do you need port forwarding?
# Specifies whether password authentication is allowed. The default is yes.
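
A way to check a config file against several of the items above, added here as an example and not part of the original page. The expected values in EXPECTED are an assumed policy, the function names are hypothetical, and SAMPLE is a constructed file. It follows sshd's own parsing rules: the first occurrence of a keyword wins, keywords are case-insensitive, and anything after a Match line is conditional rather than global.

```python
import re

# Policy assumed for this example, taken from the items the page lists.
EXPECTED = {
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
    "hostbasedauthentication": "no",
    "strictmodes": "yes",
}
# "Keyword value" or "Keyword=value"
LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")

def global_settings(text):
    """Effective global keywords: first occurrence wins, names are
    case-insensitive, and everything after a Match line is conditional."""
    seen = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or raw.lstrip().startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        seen.setdefault(key, value)  # later duplicates are ignored
    return seen

def audit(text):
    """Return {keyword: 'ok' | 'weak' | 'unset'} for the assumed policy."""
    cfg = global_settings(text)
    report = {}
    for key, want in EXPECTED.items():
        have = cfg.get(key)
        report[key] = "unset" if have is None else ("ok" if have.lower() == want else "weak")
    port = cfg.get("port")
    report["port"] = "unset" if port is None else ("weak" if port == "22" else "ok")
    report["allowusers"] = "ok" if "allowusers" in cfg else "unset"
    return report

# Constructed sample, not a real server's file.
SAMPLE = """\
#Port 22
PermitRootLogin yes
permitrootlogin no
PermitEmptyPasswords=no
AllowUsers sshadminz
Match Group sftponly
    HostbasedAuthentication no
"""

if __name__ == "__main__":
    for key, status in sorted(audit(SAMPLE).items()):
        print(f"{key:26} {status}")
```

In the sample, PermitRootLogin is reported as weak because the earlier "yes" line takes precedence over the later "no". On a live host, sshd -T prints the effective configuration after defaults are applied.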