Knowledgebase: Security
SSHD Best Practices
Posted by on 26 September 2016 11:28 AM


  • deny all, permit by exception (iptables or tcpwrappers, AllowUsers)
  • never log into sshd as root (PermitRootLogin no)
  • use strongly passworded ssh keys instead of password auth (PasswordAuthentication no)
  • remove temporary accounts, such as those used by 3rd party support companies
  • change any passwords used by 3rd party support users
  • never reuse passwords
  • rotate passwords periodically, if you use them
  • rotate ssh keys periodically
  • use WHM >> Configure Security Policies
  • configure a remote syslog server. that way if you do get hacked, you still have logs safely stored at another location


(0 vote(s))
Not helpful