securing_remote_ssh_access

Differences

This shows you the differences between two versions of the page.

securing_remote_ssh_access [2013/01/04 22:10]
206.174.106.118 [Port 22]
securing_remote_ssh_access [2013/01/28 09:55]
142.103.194.1
Line 1: Line 1:
-====== Securing Remote SSH Access ======+====== Securing Remote ​Secure Shell (SSHAccess ======
  
 If you need to login to your node using SSH remotely, the following will help you avoid unauthorized access to your node. If you need to login to your node using SSH remotely, the following will help you avoid unauthorized access to your node.
Line 33: Line 33:
 There are two ways of doing this: There are two ways of doing this:
  
-  - In some routers, the port forwarding configuration allows you to redirect target port. For example port 22500 externally can be mapped to port 22 internally to your IRLP system.+  - In some routers, the port forwarding configuration allows you to redirect target port. For example port 22500 externally can be mapped to port 22 internally to your IRLP system. ​
   - If your router does not support redirecting the target port, the configuration of sshd can be changed to listen on a non-standard port. As root edit ''/​etc/​ssh/​sshd_config'',​ find the line with ''​Port 22   - If your router does not support redirecting the target port, the configuration of sshd can be changed to listen on a non-standard port. As root edit ''/​etc/​ssh/​sshd_config'',​ find the line with ''​Port 22
-''​ and under it on a new line add ''​Port 22500''​. Save the file, and restart sshd ''/​etc/​init.d/​sshd restart''​. ​Update ​the port forwarding ​configuration ​in your router to use the new port. If you are already forwarding 22, remember to remove ​it once you have tested connecting to the new port numberBy leaving Port 22 enabled in sshd you can still use this port on your internal network for convenienceor you can take it out all together if you have no need for this.+''​ and under it on a new line add ''​Port 22500''​. Save the file, and restart sshd ''/​etc/​init.d/​sshd restart''​. ​Restarting sshd will not disconnect an existing session. 
 +  - In each case preserve ​the port 22 forwarding ​you may already have in place, and add an additional port forward for the new port and test it by updating ​the settings in your SSH client and open a new sessionOnce you're happy everything is working as expected ​you can remove or disable forwarding for port 22then check you can no longer connect on port 22 to be sure.
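
Review bot: the added "In each case preserve the port 22 forwarding" line uses the same "  - " list marker as the two options, so the list introduced by "There are two ways of doing this:" now shows three items, and the third is a follow-up step rather than a third way; make it a plain paragraph after the list. The removed text also said that Port 22 can stay enabled in sshd for use on the internal network or be taken out altogether, while the replacement only covers the router forwarding, so the page no longer says what to do with the ''Port 22'' line that is still in ''/etc/ssh/sshd_config''; consider keeping that sentence. Because the new wording relies on the existing session surviving the restart, it would help to say to keep that session open until a login on the new port has been confirmed, and to check the edited file with ''sshd -t'' before restarting.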
securing_remote_ssh_access.txt · Last modified: 2013/01/28 09:55 by 142.103.194.1