securing_remote_ssh_access
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
securing_remote_ssh_access [2013/01/05 06:07] – [Disable Root Logins] 206.174.106.118 | securing_remote_ssh_access [2013/01/28 17:55] (current) – 142.103.194.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Securing Remote SSH Access ====== | + | ====== Securing Remote |
If you need to login to your node using SSH remotely, the following will help you avoid unauthorized access to your node. | If you need to login to your node using SSH remotely, the following will help you avoid unauthorized access to your node. | ||
Line 27: | Line 27: | ||
The default SSH port 22 is where anything and everything will try when looking for Linux and Unix hosts to compromise. | The default SSH port 22 is where anything and everything will try when looking for Linux and Unix hosts to compromise. | ||
- | If you currently have port 22 open to the world, as root '' | + | If you currently have port 22 open to the world, as root '' |
Using a non-standard port will avoid most of the attention. In this example we'll use port 22500. Any high port number of your choice is generally OK. | Using a non-standard port will avoid most of the attention. In this example we'll use port 22500. Any high port number of your choice is generally OK. | ||
Line 33: | Line 33: | ||
There are two ways of doing this: | There are two ways of doing this: | ||
- | - In some routers, the port forwarding configuration allows you to redirect target port. For example port 22500 externally can be mapped to port 22 internally to your IRLP system. | + | - In some routers, the port forwarding configuration allows you to redirect target port. For example port 22500 externally can be mapped to port 22 internally to your IRLP system. |
- If your router does not support redirecting the target port, the configuration of sshd can be changed to listen on a non-standard port. As root edit ''/ | - If your router does not support redirecting the target port, the configuration of sshd can be changed to listen on a non-standard port. As root edit ''/ | ||
- | '' | + | '' |
+ | - In each case preserve |
securing_remote_ssh_access.1357366025.txt.gz · Last modified: 2013/01/05 06:07 by 206.174.106.118