Here is some code that will add some security to your /etc/sshd_config file:
- Enable X11Forwarding
- Force Version 2 of the protocol
- Disable all the usual RHosts garbage
- Disable root logons
- Disable the use of empty passwords
Copy the code below to a text file, make it executable, then run it using the sudo command. Remember to restart your SSH service after the changes have been made.
```sh
#!/bin/sh
SSH_DIR=/etc/ssh

# unalias cp rm mv
# Stop if the directory is missing, so cp/rm never run somewhere else.
cd $SSH_DIR || exit 1

# Client config: drop any existing Protocol line, then append "Protocol 2".
cp ssh_config ssh_config.tmp
grep -v Protocol $SSH_DIR/ssh_config.tmp | sed '$a\
Protocol 2' > $SSH_DIR/ssh_config
rm ssh_config.tmp

# Server config: rewrite each listed keyword (commented out or not) in place.
cp sshd_config sshd_config.tmp
awk '
/^#? *Protocol/                { print "Protocol 2"; next }
/^#? *X11Forwarding/           { print "X11Forwarding yes"; next }
/^#? *IgnoreRhosts/            { print "IgnoreRhosts yes"; next }
/^#? *RhostsAuthentication/    { print "RhostsAuthentication no"; next }
/^#? *RhostsRSAAuthentication/ { print "RhostsRSAAuthentication no"; next }
/^#? *HostbasedAuthentication/ { print "HostbasedAuthentication no"; next }
/^#? *PermitRootLogin/         { print "PermitRootLogin no"; next }
/^#? *PermitEmptyPasswords/    { print "PermitEmptyPasswords no"; next }
/^#? *Banner/                  { print "Banner /etc/issue.net"; next }
{ print }
' sshd_config.tmp > sshd_config
rm sshd_config.tmp
```
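The awk pass above only rewrites lines that already exist, so a keyword with no line in the file is left untouched, and sshd uses the first value it reads for each keyword. The check below is an added example, not part of the original post: `audit_sshd_config` (a hypothetical helper name) reads the global section of a config file and reports every value from the script that is missing or overridden by an earlier line.

```sh
#!/bin/sh
# Added example: check that an sshd_config really carries the values the
# script above writes. Keywords are lower-cased because sshd matches them
# case-insensitively.
EXPECTED="protocol=2 x11forwarding=yes ignorerhosts=yes"
EXPECTED="$EXPECTED rhostsauthentication=no rhostsrsaauthentication=no"
EXPECTED="$EXPECTED hostbasedauthentication=no permitrootlogin=no"
EXPECTED="$EXPECTED permitemptypasswords=no banner=/etc/issue.net"

# audit_sshd_config FILE (hypothetical helper name)
# Prints one line per problem; returns 0 only if every value is in effect.
# Assumes the usual "Keyword value" form, separated by whitespace.
audit_sshd_config() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pair, " ")
            for (i = 1; i <= n; i++) {
                split(pair[i], kv, "=")
                order[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }      # Match blocks are conditional: stop
        (key in want) && !(key in got) { got[key] = $2 }  # first value wins
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in got)) {
                    print "MISSING  " k " (no active line)"
                    bad = 1
                } else if (got[k] != want[k]) {
                    print "MISMATCH " k ": " got[k] " (expected " want[k] ")"
                    bad = 1
                }
            }
            exit bad
        }
    ' "$1"
}

# Audit the file named on the command line, if one was given.
if [ $# -gt 0 ]; then
    audit_sshd_config "$1"
fi
```

Run it against /etc/ssh/sshd_config after the script has finished, and syntax-check the file with `sshd -t` before restarting the service.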