[vox-tech] Securing SSH

Daniel Hurt vox-tech@lists.lugod.org
Fri, 1 Aug 2003 11:50:41 -0700 (PDT)


I know the title is kind of redundant, but I was curious if there is 
anything beyond these couple of steps that I have taken to secure ssh?

First I have edited the /etc/securetty to contain only these entries:
tty1
tty2
tty3
tty4
tty5
tty6

This is to allow root to log in from the local console only.  I have also
edited the sshd_conf file to disallow root logins.  This box is sitting
behind a router that only has port 22 forwarded to this machine, and I have
set up the router so that it does not respond to ping requests from the
outside world.  The final thing I could think of is to set hosts.allow to
the certain IPs that I might connect from, but I would like to connect
from anywhere to this machine.  Is there anything else that I might
consider to help keep the machine secure?
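
The following is an added example, not part of the original message: a shell check that the two local settings described above (console-only root entries in /etc/securetty and root login disabled in the sshd configuration) are actually in effect. The function names are hypothetical, the file paths are passed in as parameters (the sshd file is typically /etc/ssh/sshd_config), and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit the securetty and sshd root-login settings.
# Paths are parameters so the checks can be run against copies of the files.

# securetty_console_only FILE
# Succeeds only if every entry (comments and blank lines ignored)
# is one of tty1..tty6, i.e. root may log in on local consoles only.
securetty_console_only() {
    file=$1
    [ -r "$file" ] || return 2
    # Anything left after filtering out tty1-tty6 is an unexpected terminal.
    extra=$(sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$file" |
            grep -v -E '^tty[1-6]$' || true)
    [ -z "$extra" ]
}

# sshd_root_login_disabled FILE
# sshd uses the first value it reads for a keyword, so only the first
# uncommented PermitRootLogin line is inspected. A missing keyword counts
# as a failure because the built-in default is not "no".
# Handles the usual whitespace-separated form; Match blocks and included
# files are not evaluated (sshd -T prints the effective configuration).
sshd_root_login_disabled() {
    file=$1
    [ -r "$file" ] || return 2
    value=$(awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$file")
    [ "$value" = "no" ]
}

# Constructed sample files so the example runs offline.
demo=$(mktemp -d)
printf 'tty1\ntty2\ntty3\ntty4\ntty5\ntty6\n' > "$demo/securetty"
printf '# constructed sample\nPort 22\nPermitRootLogin no\n' > "$demo/sshd_config"

if securetty_console_only "$demo/securetty"; then
    echo "securetty: root limited to tty1-tty6"
else
    echo "securetty: unexpected terminal entries"
fi
if sshd_root_login_disabled "$demo/sshd_config"; then
    echo "sshd: PermitRootLogin is no"
else
    echo "sshd: root login is not disabled"
fi
rm -rf "$demo"
```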