Securing OpenSSH
OpenSSH is a very useful utility; it allows us to configure our servers from a remote location as if we were sitting in front of the console. In the case of cloud resources, it's typically the only way to access our servers. Considering the nature of OpenSSH itself (remote administration), it's a very tempting target for miscreants who are looking to cause trouble. If we simply leave OpenSSH unsecured, this useful utility may be our worst nightmare.
Thankfully, configuring OpenSSH itself is very easy. However, the large number of configuration options may be intimidating to someone who doesn't have much experience tuning it. While it's a good idea to peruse the documentation for OpenSSH, in this section, we'll take a look at the common configuration options you'll want to focus your attention on first.
The configuration file for OpenSSH itself is located at /etc/ssh/sshd_config
, and we touched on it in Chapter 10, Connecting...