How do I improve the security of Copssh ?
Some recommendations (not all of them can be applicable in your case, no sorting by importance):
| Recommendation | Benefits/Side effects | How |
| Change port 22 to something non-standard | Reduces your vulnerability surface dramatically by taking a well-known parameter out of equation, not applicable if you have a general purpose server. Security by obscurity ? Yes. However, there are many script kiddies out there bombing port 22 wherever they find. | Conf.file etc\sshd_config: port |
| Reduce the maximum number of concurrent unauthenticated con- nections |
Reduces your vulnerability surface by allowing a smaller number of potentialy dangerous attacks simultaneously. | Conf.file etc\sshd_config: MaxStartups (default 10) |
| Turn off authentication by password. Use public key authentication instead. | Eliminates the most widely used technique of potential attacks: cracking passwords. |
Conf.file etc\sshd_config: PasswordAuthentication no PubkeyAuthentication |
| Restrict access by host | Use your firewall setting to limit hosts authorized for access |
|
| Restrict access by user/group |
Conf.file etc\sshd_config: AllowUsers |
