The secure shell daemon should be hardened to prevent unauthorised access before being put into a production environment or exposed to the internet.

1. Verify the /etc/ssh/sshd_config file contains the following lines and that they are not commented out:

Protocol 2
IgnoreRhosts yes
HostbasedAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
AllowTcpForwarding no (unless needed)
X11 Forwarding no (unless needed)
AllowUsers <username1> <username2> (Optional)
DenyUsers <username1> <username2> (Optional)

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.