how to secure OpenSSH
As discussed in my earlier articles on how to secure wordpress server and other LAMP application servers (part I, part II), it is imperative to protect the big ‘L’ in the LAMP, the Linux host server itself. One main step is to restrict and secure access to the server. On a Linux server, OpenSSH (sometimes in couple with a VPN solution) is the most commonly vetted choice. It should be used in lieu of telnet and FTP.
The OpenSSH that comes with mainstream Linux distributions may not be as tailored as you want to afford maximum security you desired. This should not be much of a surprise, since any pre-packaged software needs to reach broader audience and wider range of use cases, plus the packager may not share the same information security principles as you and may assess the risks differently. Read the rest of this entry »
