How to configure SSH securely on your web server

The majority of web applications built with open source tools are hosted, once they go into production, on servers running Linux, and the majority of hosting providers offer the possibility to connect by SSH, FTP and a web control panel like cPanel.

SSH is a communication protocol that lets us execute shell commands on the server where our web applications are hosted. Some basic security rules that we may want to implement are set by modifying the file /etc/ssh/sshd_config.

Suggestions for basic configuration:

  1. Don't allow direct login as the root user
    #PermitRootLogin yes  — This is the default value
    PermitRootLogin no
  2. Limit authentication attempts to a maximum of 2
    #MaxAuthTries 6  — This is the default value
    MaxAuthTries 2
  3. Change the port number
    #Port 22  — This is the default value
    Port 8722
  4. Allow only connections that use the SSH2 protocol
    #Protocol 2,1  — This is the default value
    Protocol 2
  5. Set the time after which an inactive session is closed to more than 5 minutes
    #ClientAliveInterval 0  — This is the default value
    ClientAliveInterval 300

    #ClientAliveCountMax 3  — This is the default value
    ClientAliveCountMax 0

Next step:
Restart your SSH service with the following command:
/etc/init.d/sshd restart

With this, your SSH connections are more secure.
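To confirm that the file really carries the values from the list, the following added example (not part of the original post) reads a config file and reports each setting. The helper names sshd_value and check_sshd_config and the sample file are made up for the illustration.

```shell
# Added example (not from the original page); helper names are hypothetical.

# Print the global value of one keyword. Keywords are case-insensitive, the
# first occurrence wins, and lines after the first "Match" are conditional.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                         # comment or blank line
        tolower($1) == "match" { exit }                 # end of global section
        tolower($1) == tolower(key) { print $2; exit }  # first value is used
    ' "$1"
}

# Compare the file with the values from the list; returns the number of misses.
check_sshd_config() {  # usage: check_sshd_config FILE
    fails=0
    while read -r key want; do
        got=$(sshd_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key: want $want, found ${got:-nothing}"
            fails=$((fails + 1))
        fi
    done <<EOF
PermitRootLogin no
MaxAuthTries 2
Port 8722
Protocol 2
ClientAliveInterval 300
ClientAliveCountMax 0
EOF
    return "$fails"
}

# Constructed sample file (not from a real server), used to show the checks.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 8722
Port 22
PermitRootLogin yes
Protocol 2
ClientaliveInterval 300
ClientAliveCountMax 0
Match User deploy
    MaxAuthTries 2
EOF
check_sshd_config "$sample" || echo "$? setting(s) differ from the list"
rm -f "$sample"
```

Running sshd -t before the restart also catches syntax errors in the file. On OpenSSH 8.2 and later, ClientAliveCountMax 0 turns the idle disconnect off instead of forcing it, so check the behaviour on your version.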

