≡ Menu


Top 20 OpenSSH Server Best Security Practices

Don't tell anyone that I'm free

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.
[click to continue…]

OpenSSH Tip: Check Syntax Errors before Restarting Server

OpenSSH - SSHD Logo

OpenSSH / OpenBSD Secure Shell - is default secure shell for encrypted communication sessions over a computer network using the ssh protocol. Usually, you login using ssh and makes changes to its configuration file /etc/ssh/sshd_conf over a remote session. If there is an error in configuration, server may not start (i.e. no remote login allowed). This will result into a disaster; if you didn't have access to remote console. But how do you find out a syntax error for sshd_config file?

OpenSSH Test Mode

OpenSSH has test mode option. Use the -t option to check the validity of the configuration file and sanity of the keys. This is useful for updating sshd reliably as configuration options may change.After making changes to config file, type the following command run syntax check on configuration file, enter:
$ sudo /usr/sbin/sshd -t
# sshd -t

/etc/ssh/sshd_config: line 26: Bad configuration option: PermitRootLogins
/etc/ssh/sshd_config: terminating, 1 bad configuration options

If there is error, it will show on screen. Otherwise it will not display any message:
$ sudo /usr/sbin/sshd -t
$ echo $?



If there is error on line # 26, edit config file using vi text editor, enter:
$ sudo vi +26 /etc/ssh/sshd_config
Please note that test mode can be done while running the OpenSSH daemon (sshd). If there is no error, simply type a restart sshd command:
# service sshd restart
# /etc/init.d/ssh restart