Howto's, experiences and more

OpenSSH is the default means of accessing a unix based server nowadays, and so it should be, because OpenSSH is safe, fast and stable.

However, as always, the weak end of a secure system is always at the user end. Therefore we are going to need to tighten up OpenSSH even more than it already is, which is quite easy to do.

First thing you need to look at is if you are using an up to date version of OpenSSH. At the time of this writing, version 5.3 is the most recent one so when reading this post, it needs to be at least that.

To determine the version, type $ ssh -V

It will produce some output with a version number, most likely with added information about the distribution of linux that you are using.

When you ensured that your version is up to date, it’s time to get to work and tighten the thing down :

Read more

This is a small list of how to harden your TCP/IP stack on your linux server.

Most modern server distributions already have a more hardened stack, but most of the time, you can even tighten it up further, which is generally a good idea in my humble opinion.

This list is by no means complete and I welcome more suggestions for further tightening down.

Read more