In this lab, we will look at how to manage SSH settings on a Linux host. We will change the default listening port of SSH on a Linux host. Then, we’ll configure SSH restrictions on the host to only permit SSH from a specific subnet.
Successfully complete this lab by achieving the following learning objectives:
- Change the default SSH port 22 to port 22000.
To change the default port of 22 to 22000 for SSH, we’ll need to edit the
sshd_configfile with the following command:
sudo nano /etc/ssh/sshd_config
Then, we’ll need to edit one of the lines:
Uncomment "#Port 22" and replace 22 with 22000
Now, we’ll need to restart the SSH service:
sudo service sshd restart
- Restrict SSH by Source IP using TCP Wrappers.
We will need to edit the
hosts.denyfiles used by TCP Wrappers. Let’s start with the
sudo nano /etc/hosts.deny
Add the line:
sshd : ALL
Then, save and exit the file.
Now we need to edit the
sudo nano /etc/hosts.allow
Add the following line:
sshd : 10.0.0.0/24
Save and close the file.