SSH is a secure protocol for exchanging data. It can be used to log in to remote machines, execute commands remotely, and transfer files. Since
communication within SSH is encrypted, it is a worthy replacement for remote-login solutions such as telnet, rlogin, and FTP. Take these measures
to harden SSH:
- Make sure SSH protocol version 1 is disabled. The sshd_config file must contain the following line:
- The root user should not be allowed to SSH in. Make sure the following line is present in sshd_config:
- Private key files such as ssh_host_key, ssh_host_dsa_key, and ssh_host_rsa_key should be readable only by root.
- Make sure Privilege Separation is turned on. The following line must be present in sshd_config:
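
The checklist above can be turned into a repeatable audit. The script below is an added example, not part of the original page. The page's own sshd_config lines are not shown, so the directive names and values it checks (`Protocol 2`, `PermitRootLogin no`, `UsePrivilegeSeparation yes`) are assumptions based on standard OpenSSH keywords, and the sample config and key file are constructed.

```shell
#!/bin/sh
# Added example. Directive names and values are assumptions: the page's
# sshd_config lines are not shown, so standard OpenSSH keywords are used.

# Effective value of a keyword: sshd takes the first occurrence, keywords are
# case-insensitive, and '#' starts a comment.
sshd_value() {  # $1 = config file, $2 = keyword
    awk -v key="$2" '{ sub(/#.*/, "") }
        tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

check_directive() {  # $1 = config file, $2 = keyword, $3 = expected value
    actual=$(sshd_value "$1" "$2")
    [ "$actual" = "$3" ] && { echo "PASS $2 $3"; return 0; }
    echo "FAIL $2 is '${actual:-unset}', expected '$3'"; return 1
}

# Host private keys: owned by the expected uid, no group/other permission bits.
check_key_perms() {  # $1 = key directory, $2 = expected owner uid
    rc=0
    for f in "$1"/ssh_host_key "$1"/ssh_host_dsa_key "$1"/ssh_host_rsa_key; do
        [ -e "$f" ] || continue
        mode=$(ls -ldn "$f" | cut -c5-10)        # group and other bits
        uid=$(ls -ldn "$f" | awk '{ print $3 }')  # numeric owner
        if [ "$mode" = "------" ] && [ "$uid" = "$2" ]; then
            echo "PASS $f"
        else
            echo "FAIL $f (uid $uid, group/other bits '$mode')"; rc=1
        fi
    done
    return "$rc"
}

audit_ssh() {  # $1 = sshd_config, $2 = key directory, $3 = owner uid (default 0)
    fails=0
    check_directive "$1" Protocol 2 || fails=$((fails + 1))
    check_directive "$1" PermitRootLogin no || fails=$((fails + 1))
    check_directive "$1" UsePrivilegeSeparation yes || fails=$((fails + 1))
    check_key_perms "$2" "${3:-0}" || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample: one weak directive and one over-permissive key file.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'Protocol 2' 'permitrootlogin yes' \
    'UsePrivilegeSeparation yes  # on' > "$demo/sshd_config"
: > "$demo/ssh_host_rsa_key"; chmod 644 "$demo/ssh_host_rsa_key"
audit_ssh "$demo/sshd_config" "$demo" "$(id -u)" || echo "failed checks: $?"
```

Recent OpenSSH releases have deprecated the `Protocol` and `UsePrivilegeSeparation` keywords, so on such hosts an unset value for those two is expected rather than a finding. The script ignores `Match` blocks and `Include` files, so treat its output as a first pass over the main file.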