Hardening the Secure Shell
Note
Don't close the terminal in the middle of this or you could get locked out.
SSH, the protocol used for terminal server access and set up in Chapter 5, gives a super-secure connection straight out of the tin. What's more, we can use it to knock out brute-force logins. For OpenSSH, we'll first back up the configuration file before bolstering it using, in this case, the nano text editor:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_BACKUP
sudo nano /etc/ssh/sshd_config
Protocol 2
This refers to the type of encryption. Likely you have this line in the file but, if not, add it. If you have a line that says Protocol 1 then swap that for Protocol 2.
Port 22
A local-to-remote SSH link connects to the server on port 22. While a scan can discover this port, for instance using Nmap as we did in Chapter 2, it makes sense to change the default, at least if you don't disable password access, because this will counter the many automated scripts looking for 22 before trying...
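As an added example (not from the book), the shell functions below report how an sshd_config-style file sets the two directives covered so far, Protocol and Port. The names sshd_values and audit_sshd and the sample file are made up for illustration, and lines are assumed to be in the plain "Keyword value" form.

```shell
#!/bin/sh
# Added example, not from the book. sshd_values and audit_sshd are
# hypothetical names; lines are assumed to look like "Keyword value".

# Print the arguments of each non-comment line in file $2 whose keyword
# is $1 (sshd_config keywords are case-insensitive).
sshd_values() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print }
    ' "$2"
}

# Print one verdict line per directive for the config file $1.
audit_sshd() {
    # sshd uses the first value it reads for Protocol, so only that counts.
    proto=$(sshd_values Protocol "$1" | head -n 1)
    case ",$proto," in
        ,,)    echo "Protocol: MISSING (add 'Protocol 2')" ;;
        *,1,*) echo "Protocol: WARN ($proto permits SSH-1, use 'Protocol 2')" ;;
        *)     echo "Protocol: OK ($proto)" ;;
    esac

    # No Port line means sshd listens on 22; several Port lines may coexist.
    ports=$(sshd_values Port "$1" | tr '\n' ' ')
    case " ${ports:-22} " in
        *" 22 "*) echo "Port: DEFAULT (22, the port automated scripts look for)" ;;
        *)        echo "Port: CHANGED (${ports% })" ;;
    esac
}

# Constructed sample config in a temp file, so the demo runs offline.
# On a server, pass /etc/ssh/sshd_config instead.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Protocol 2,1' 'Port 22' > "$sample"
audit_sshd "$sample"
rm -f "$sample"
```

After editing the real file, running sshd -t (test mode) checks it for errors before the daemon is restarted, which guards against the lock-out the Note warns about.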