SSHD Best Practices
Posted by Talal Ahmad on 26 September 2016 06:28 AM

Summary:

  • deny all, permit by exception (iptables or TCP Wrappers, AllowUsers)
  • never log in to sshd as root (PermitRootLogin no)
  • use SSH keys protected by a strong passphrase instead of password auth (PasswordAuthentication no)
  • remove temporary accounts, such as those used by 3rd party support companies
  • change any passwords used by 3rd party support users
  • never reuse passwords
  • rotate passwords periodically, if you use them
  • rotate SSH keys periodically
  • use WHM >> Configure Security Policies
  • configure a remote syslog server, so that if you do get hacked, you still have logs safely stored at another location
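
The three sshd_config directives named in the list (PermitRootLogin, PasswordAuthentication, AllowUsers) can be checked mechanically. The script below is an added example, not part of the original article: it audits sshd_config text the way sshd reads it (first value wins, keywords are case-insensitive, lines after a Match line are conditional). The sample configs, user names and function names are constructed for illustration, and Include files are assumed not to be in use.

```python
import re

# Values the checklist recommends for the directives it names.
RECOMMENDED = {"permitrootlogin": "no", "passwordauthentication": "no"}

def effective_globals(text):
    """Parse sshd_config text into the global settings sshd would use."""
    settings, allow_users = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break                               # the rest applies only conditionally
        if key == "allowusers":
            allow_users += value.split()        # collect every listed pattern
        else:
            settings.setdefault(key, value)     # sshd keeps the first value seen
    return settings, allow_users

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    settings, allow_users = effective_globals(text)
    findings = []
    for key, want in RECOMMENDED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: not set, built-in default applies")
        elif got != want:
            findings.append(f"{key}: '{got}', expected '{want}'")
    if not allow_users:
        findings.append("allowusers: no AllowUsers allow-list set")
    return findings

# Constructed sample configs (not from any real host).
WEAK = """Port 22
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
"""
HARDENED = """PermitRootLogin no
PasswordAuthentication=no
AllowUsers alice bob@192.0.2.*
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```

In the weak sample the later `PermitRootLogin no` has no effect because the earlier `yes` line is read first. On a live host, `sshd -T` prints the effective configuration and is the authoritative check.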
