Secure Ssh

i have read that to keep your linux machine safe you must have a good root pw, never log in as root etc, but also make sure SSH is secure, how do i go about doing this? do i need to change anything, or is it ok as is? and, as default, is my machine using SSH?

By default ssh will be enabled for local but the firewall will be blocking anything else iirc.

But to be extra sure you can use the runlevel editor and stop ssh from starting at start up. If looking to run ssh then there's a few other steps like protocol 2, no root access, authentication by key, and deny hosts etc...

Plenty of posts about how to achieve the above if you wish to run ssh.

Quote:

By default ssh will be enabled for local but the firewall will be blocking anything else iirc.

But to be extra sure you can use the runlevel editor and stop ssh from starting at start up. If looking to run ssh then there's a few other steps like protocol 2, no root access, authentication by key, and deny hosts etc...

Plenty of posts about how to achieve the above if you wish to run ssh.
[/b]

ok thanks, i will go into yast and diable it at run level. tho, may i ask what its for? lol. im guessing it can't be that important if you don't need to run it?

SSH = Secure SHell see here http://en.wikipedia.org/wiki/Secure_Shell

Andy

Quote:

SSH = Secure SHell see here http://en.wikipedia.org/wiki/Secure_Shell

Andy
[/b]

Thank you! question answered hehe.

Quote:

Thank you! question answered hehe.
[/b]

If you run ssh, I would recommend the following:
setting up fail2ban or denyhosts.
making /etc/sshd_config pretty tight only allow certain users, force protocol 2, disable root logins
make your logins key based with a passphrase
and properly setup tcpwrappers with the /etc/host.allow and /etc/hosts.deny files.