SME Server Remote Access Via SSH
If you want to enable SSH access for remote maintenance, you need to use the Server-Manager -> Security -> Remote Access panel to enable it.
SSH Remote Access Security
The following will reduce the vulnerability of SSH to brute force attacks.
Edit the /etc/ssh/sshd_config (not ssh_config!) file with (some of) these entries:
AllowUsers name name2 name3
Port 222 (change the default ssh port)
PermitRootLogin no (disallow root logins, use su)
Protocol 2 (disables less-secure protocol v1)
MaxAuthTries 2 (slows down incoming connection attempts)
MaxStartups 3:75:10 (slows down incoming connection attempts)
Access to SSH is often controlled by /etc/hosts.allow and /etc/hosts.deny.
For wide-open access, edit /etc/hosts.allow:
sshd: ALL
SSH Connection Timeout
To keep connections from timing out and disconnecting, add the following line to the /etc/ssh/ssh_config (SSH client configuration) file:
ServerAliveInterval 60
SSH Root Access
SSH is often configured not to allow root logins.
In this case, you have two options:
- log in as a regular user, then 'su' to gain root privileges like this:
- su - root
- modify the /etc/ssh/sshd_config file to permit root logins
| < Prev | Next > |
|---|
