Status
Not open for further replies.

.:Raymond:.

Hi,

Here is a little tut I made cause I got bored :P. Enjoy

Step 1 : Add a Regular User
Code:
adduser sshadmin && passwd sshadmin

*Note* After entering this command you will be prompted to enter a password.

Step 2 : Backup your current sshd_config
Code:
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Step 3 : Create a new sshd_config file
Code:
nano -w /etc/ssh/sshd_config

Step 4 : Paste this into the new file.
Code:
## Changing to another port is recommended, e.g. 2488
Port 22
 
## Sets listening address on server. default=0.0.0.0
#ListenAddress 192.168.0.1
 
## Enforcing SSH Protocol 2 only
Protocol 2
 
## Disable direct root login; with "no" you need to log in as the admin user, then "su -" into root
PermitRootLogin no
 
##
UsePrivilegeSeparation yes
 
##
AllowTcpForwarding no
 
## Disables X11Forwarding
X11Forwarding no
 
## Checks users' home directories and rhosts files to make sure they aren't world-writable
StrictModes yes
 
## The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication
IgnoreRhosts yes
 
##
HostbasedAuthentication no
 
## RhostsAuthentication specifies whether sshd can try to use rhosts based authentication. 
RhostsRSAAuthentication no
 
## Adds a login banner that the user can see
Banner /etc/motd
 
## Enable / Disable sftp server
#Subsystem      sftp    /usr/libexec/openssh/sftp-server
 
## Add users that are allowed to log in
AllowUsers sshadmin

The port number should be changed to something else (Example: 2194).
Ctrl + x to save it now.


Step 5 : Restart SSHD
Code:
service sshd restart

*Note* Do not close your current ssh window in case of problems

Now open a new ssh window and try connecting with the port and the user you added. Once you are logged in, type su - and it will ask you for the root pass. Once you enter it correctly, blamo, you're in :)
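
Added example, not part of the original post: before the restart in Step 5, the new file can be checked against the settings the tutorial relies on. The shell functions below (`effective`, `audit_sshd_config`) and both sample configs are constructed for illustration; they read the global section only and apply sshd's rule that the first occurrence of a keyword wins.

```shell
#!/bin/sh
# Added example, not from the original post: audit a candidate sshd_config
# against the tutorial's settings. Function names and samples are constructed.

# effective KEY FILE: value sshd would use from the global section. Keywords are
# case-insensitive and the first occurrence wins, except Port and AllowUsers,
# which accumulate. Assumption: parsing stops at the first Match block.
effective() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); multi = (key == "port" || key == "allowusers") }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key {
            $1 = ""; sub(/^ +/, "")
            out = (out == "" ? $0 : out " " $0)
            if (!multi) exit
        }
        END { print out }
    ' "$2"
}

# audit_sshd_config FILE: print one finding per line; return 1 if any were found.
audit_sshd_config() {
    f=$1; bad=0
    for want in PermitRootLogin=no AllowTcpForwarding=no X11Forwarding=no; do
        key=${want%%=*}; val=${want#*=}
        got=$(effective "$key" "$f")
        [ "$got" = "$val" ] || { echo "$key: '${got:-unset}', tutorial sets '$val'"; bad=1; }
    done
    ports=$(effective Port "$f")
    case " ${ports:-22} " in *" 22 "*) echo "Port: still listening on 22"; bad=1 ;; esac
    users=$(effective AllowUsers "$f")
    case " $users " in
        "  ")       echo "AllowUsers: unset, logins not limited to named accounts"; bad=1 ;;
        *" root "*) echo "AllowUsers: includes root"; bad=1 ;;
    esac
    return $bad
}

# Constructed sample: duplicate keyword where the earlier, weaker line wins.
tmp=$(mktemp -d)
printf '%s\n' 'Port 22' 'permitrootlogin yes' 'PermitRootLogin no' \
    'X11Forwarding no' 'AllowUsers sshadmin root' > "$tmp/weak"
# Constructed sample: the tutorial's key settings with the port changed to 2194.
printf '%s\n' '## comment' 'Port 2194' 'PermitRootLogin no' 'AllowTcpForwarding no' \
    'X11Forwarding no' 'AllowUsers sshadmin' > "$tmp/tutorial"
audit_sshd_config "$tmp/weak" || echo "weak config: findings listed above"
audit_sshd_config "$tmp/tutorial" && echo "tutorial config: no findings"
```

This audit checks values only; `sshd -t -f /etc/ssh/sshd_config` checks that the file parses at all, and is worth running before `service sshd restart`.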
 
Long description. I think almost all SSH pros are using this method.
It's very easy to do if you are using the Kloxo panel. Log in to the panel and change the SSH port. That's all ;)
@motion
Disabling direct root login and adding the regular user is also a good security measure.
If VPS: it's worthless unless you are accessing SSH from a risky node.
If dedi: you don't always need your root SSH access, thus regular is better.

With simple VPS SSH over SSH again SSH it's pathetic.
Anonymous Root SSH port is also a good security measure ;)
 
Very good tut, most people new to VPS stuff wouldn't even think of it, so it will help them to have a bit more basic security at least.
 
Something went wrong and almost fucked up everything. Luckily I was logged in and restored the bak file. Thanks anyways :)
 