Questions about sshd

[hav0c]

Ok I was looking at the sshd_config file and trying to see how to make it a little more secure.. I changed the port from 22 to a non-standard port. I was wondering if anyone has any suggestions as to some other changes I could make to this file to make things more secure? Also is there any way to allow connections only from certain IP addresses?

I'm using FreeBSD 4.9 btw.

[krohnjw]

You can edit hosts.deny to implicitly deny all hosts for sshd and then use hosts.allow to allow from only a certain subnet or ipaddress.

You might also want to disable remote root login (if it is not off by default)

[soulware]

disable protocol version 1
turn off X11Forwarding
turn on PrintLastLog
change LogLevel to verbose
turn off PasswordAuthentication
turn off ChallengeResponseAuthentication
add an AllowUsers line

add a tcp wrappers line like khronjw said

Code:

sshd : address/subnet : allow

and turn off PermitRootLogin if it's not already off

[soulware]

oh that's assuming you had a default deny stance on the tcp wrappers