How do I improve the security of Copssh?

  • Some recommendations (not all of them may apply in your case; they are not sorted by importance):
     

    | Recommendation | Benefits/Side effects | How |
    |---|---|---|
    | Change port 22 to something non-standard | Reduces your vulnerability surface dramatically by taking a well-known parameter out of the equation; not applicable if you have a general purpose server. Security by obscurity? Yes. However, there are many script kiddies out there bombing port 22 wherever they find it. | Conf. file etc\sshd_config: Port |
    | Reduce the maximum number of concurrent unauthenticated connections | Reduces your vulnerability surface by allowing a smaller number of potentially dangerous attacks simultaneously. | Conf. file etc\sshd_config: MaxStartups (default 10) |
    | Turn off authentication by password. Use public key authentication instead. | Eliminates the most widely used technique of potential attacks: cracking passwords. | Conf. file etc\sshd_config: PasswordAuthentication no; PubkeyAuthentication (default yes) |
    | Restrict access by host | | Use your firewall settings to limit the hosts authorized for access |
    | Restrict access by user/group | | Conf. file etc\sshd_config: AllowUsers, AllowGroups |
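
One way to check a configuration file against the recommendations in the table above, as an added example that is not part of the original FAQ or of Copssh itself. The function names and both sample configurations are constructed for illustration, and only the global section (before any Match block) is examined.

```python
import re

# Defaults as stated on this page (Port 22 is the standard SSH port).
DEFAULTS = {"maxstartups": "10", "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

def parse(text):
    """Return {keyword: [values]} for the global section of an sshd_config."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()  # keywords are case-insensitive
        if key == "match":
            break                         # conditional blocks are out of scope here
        opts.setdefault(key, []).append(value)
    return opts

def audit_sshd_config(text):
    """List the recommendations from the table that the config does not follow."""
    opts = parse(text)
    # For single-valued keywords sshd uses the first occurrence it reads.
    first = lambda k: opts.get(k, [DEFAULTS[k]])[0].lower()
    findings = []
    if "22" in opts.get("port", ["22"]):
        findings.append("Port: still listening on 22")
    # MaxStartups is either N or start:rate:full; check the first field.
    if int(first("maxstartups").split(":")[0]) >= 10:
        findings.append("MaxStartups: not reduced below 10")
    if first("passwordauthentication") != "no":
        findings.append("PasswordAuthentication: passwords still accepted")
    if first("pubkeyauthentication") != "yes":
        findings.append("PubkeyAuthentication: disabled, key login impossible")
    if "allowusers" not in opts and "allowgroups" not in opts:
        findings.append("AllowUsers/AllowGroups: no user or group restriction")
    return findings

# Constructed sample inputs (not taken from a real server).
WEAK = "Port 22\n#PasswordAuthentication yes\n"
HARDENED = ("Port 2222\nMaxStartups 3\npasswordauthentication no\n"
            "PubkeyAuthentication yes\nAllowGroups sshusers\n")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_sshd_config(cfg) or "no findings")
```

A PubkeyAuthentication finding together with PasswordAuthentication no means nobody can log in, so confirm that key-based login works before switching passwords off.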