OpenSSH Security Guide:
one you have install an openSSH server, you will need to configure it by editing the sshd_config file in the /etc/ssh directory.
First, make a back of your sshd_config file by copying it to your home directory, or by making a read only copy in home dir by doing:
sudo cp /etc/ssh/sshd_config /home/sshd_config.factory-defaults
sudo chmod a-w /home/sshd_config.factory-defaults
Creating a read-only backup in /home dir mean we have to find fresh-new configuration when we need it.
So Then we have few steps include with settings.
Step#1 Disable Root Logins:
SSH server settings are stored in the /etc/ssh/sshd_config file.To disable root logins, find this entry sshd_config.
#Prevent roo logins:
and restart the ssh service.
sudo /etc/init.d/ssh restart
Step#2 Limit User Logins
SSH logins can be limited to only certain users who need remote access. Add an AllowUsers line followed by space separated list of usernames to /etc/ssh/sshd_config.For example:
and restart the sshd service.
Step#3 Use Protocol 2
SSH has two protocols it may use, protocol 1 and protocol 2, the older protocol 1 is less secure and should be disabled unless you know that you specifically require it. Look at /etc/ssh/sshd_config file.
and restart the sshd services.
Step#4 Use,a non-standard port
By default, ssh listen for incoming connection on port 22, an effective method is to run ssh on a non-standard port.Any unused port will do, although port 1024 is preferable.
TO make changes, add a link like this to our config file.
#Run ssh on a non-standard port:
then resatart the sshd service.
Because ssh is no longer listening for connection on standard port, we will tell to our client what port to connect on. Using the ssh client from the command line, we may specify the port using the -p switch.
ssh -p 2222 <ServerUser>@192.168.10.199.
Step#5 Log Information.
By default, the OpenSSH server logs to the AUTH facility of syslog, at the Info level.if you want to record such as failed login attempts- you should logging level to VERBOSE.
To increase the level, find the following line in your sshd_config.
and changes it to this
So the details of ssh login attempts will be saved in your /var/log/auth.log file