Doug Maxwell posted a tutorial on how to improve the security of OpenSSH on your server installations. If you haven’t come across brute-force SSH attacks on your machines, you must be lucky. I have seen a few of these attempts on my own servers and none have been successful to my knowledge.
His first method of security is using key-based authentication as opposed to password authentication. The user takes their public key and copies it to the authorized_key section of the server. The server will then authenticate via key and if it matches then it will not ask for the password. This is handy if you know every machine that will connect via SSH to the server, but in many cases you may have users that you will not have their key in your authorized_keys file.
His next step is to disable password authentication. As I just mentioned this would eliminate all users in which their public key is not stored in the authorized_key file. This may work for some administrators, but I think it will lock out a large user base.
His last step is to disable root logins. This is a good method for security. I see a lot of brute force attacks using root since by default it is open and it is a well-known user account. Some people posted that they need root login for administration. If they setup sudo or su correctly, then they can login as their own user account and switch users to root.
I think this is a helpful tutorial and as stated in the article does not cover all security measures. This is just a starting point and as the administrator you must determine what security measures will fit the application you are attempting to user on your system.
