Protection for SSH users

SSH connections provide a connection to a remote computer.
As a replacement for Remote Shell (RSH) and Telnet, SSH is typically used by system administrators to log in to a server from a remote computer to perform maintenance and management tasks. Even though SSH provides a higher level of security than the protocols it superseded, you can still change some settings to make it more secure.

The most commonly used method of hardening SSH through obscurity is to change the port number it is accessed on. The principle is that, because the service runs on a different port, connection attempts from an attacker who uses the default port, TCP 22, are refused. This method is debated in many SSH forums. Changing the port number does not stop an attacker with a port scanner from finding the SSH port; for this reason, many system administrators do not change the port. But this method can stop an ordinary script-based attacker who uses a dedicated automated tool to find open TCP 22 SSH ports to attack, and an impatient attacker who does not find SSH in the first port range might give up out of boredom.

To change the SSH port, you first need to install SSH on the server. Enter:

    sudo aptitude install openssh-server

Press Enter, and then enter the password. This command installs openssh for remote login to your server.

Before configuring the SSH file, you should copy it to guard against accidents, so that you can restore the original state at any time. Perform the following steps:

1. At the command line, enter

    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.back

2. Press Enter, and then enter the password to complete the backup of this file.

Now you need to change the permissions of the sshd_config file so that you can change the file:

1. Enter

    sudo chmod 644 /etc/ssh/sshd_config

2. Press Enter.

You can now use a text editor such as emacs or vi to change the file:

    emacs /etc/ssh/sshd_config

There are more changes to make to the file, so keep emacs or vi open.

Installing emacs

To install emacs, you need to use

    sudo aptitude install emacs

Now you need to find the port number setting in the file.
When you find that part (the default is port 22), you can change it to any number. There are more than 65,000 ports in total; choose a larger port number, but not one you cannot remember. Remember that a skilled attacker knows how people think. Changing the port number to 22222 or 22022 is a common mistake; choose a number that is not easily guessed.

Root login privileges

On all Ubuntu releases, the root user is disabled, but you can activate the account. If you are using SSH, you should refuse to allow the root account to log on remotely to the server, in case you or an attacker activates this account. Keeping the editor open, scroll down to the line for PermitRootLogin. The default value is yes.

Whitelisting users

Another step in hardening an SSH server is allowing only certain users to use the service. This process is known as whitelisting. To create a whitelist, you first need the user names of the staff who are allowed to access the server remotely over SSH. Then perform the following steps:

1. Add the following lines to your sshd_config file:

    # Allow only certain users
    AllowUsers username username username

2. Replace each username in the list with an actual user name. Or use

    # Allow only certain groups
    AllowGroups group group

to allow SSH access by group. Similarly, replace the word group in the sample with your own user groups.

3. Save the configuration file, and then exit the editor.

SSH needs to be restarted for the changes to take effect. There is no need to shut down the computer; simply enter

    sudo service ssh restart

Press Enter and provide the password. The service restarts and reports [OK].

For more advanced users, there are many other ways to further secure SSH. If you already have a lot of experience with GNU/Linux and SSH, you should consider taking these steps.
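
The three settings covered above (Port, PermitRootLogin, and the AllowUsers/AllowGroups whitelist) can be checked with a short script before the service is restarted. This is an added example, not part of the original article; the function names audit_sshd_config and sshd_values and the sample file are assumptions made for illustration, and Match blocks are not evaluated.

```sh
# Print every value given for KEYWORD in FILE. sshd_config keywords are
# case-insensitive; lines starting with '#' are comments and never match.
sshd_values() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print }' "$1"
}

# Print one line per finding; returns 0 only when there are none.
audit_sshd_config() {
    cfg=$1
    findings=0

    ports=$(sshd_values "$cfg" Port)
    [ -n "$ports" ] || ports=22   # no Port line: sshd listens on the default, 22
    for p in $ports; do
        case $p in
            22|22222|22022)       # the default and the two guessable picks named above
                echo "Port $p: default or easily guessed"
                findings=$((findings + 1)) ;;
        esac
    done

    # sshd uses the first value it reads for a keyword.
    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '${root:-unset}', expected 'no'"
        findings=$((findings + 1))
    fi

    if [ -z "$(sshd_values "$cfg" AllowUsers)$(sshd_values "$cfg" AllowGroups)" ]; then
        echo "no AllowUsers or AllowGroups whitelist"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample input, not taken from a real server.
sample=$(mktemp)
printf '%s\n' '# Allow only certain users' 'Port 22022' 'PermitRootLogin yes' > "$sample"
audit_sshd_config "$sample" || true
rm -f "$sample"
```

After editing, running sudo sshd -t checks the file for syntax errors before the restart, which avoids locking yourself out of a remote server.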