Skip to main content

Managing SSH Settings

Hands-On Lab

 

Photo of Bob Salmans

Bob Salmans

Training Architect

Length

00:30:00

Difficulty

Beginner

In this lab, we will look at how to manage SSH settings on a Linux host. We will change the default listening port of SSH on a Linux host. Then, we'll configure SSH restrictions on the host to only permit SSH from a specific subnet.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Managing SSH Settings

In this lab, we will look at how to manage SSH settings on a Linux host. We will change the default listening port of SSH on a Linux host. Then, we'll configure SSH restrictions on the host to only permit SSH from a specific subnet.

Open a terminal, and log in to the cloud server using the provided credentials.

Change the Default SSH Port 22 to Port 22000

  1. Edit the sshd_config file with the following command:

    sudo nano /etc/ssh/sshd_config
  2. Uncomment the line #Port 22 and replace 22 with 22000.

  3. Restart the SSH service for the changes to take effect:

    sudo service sshd restart

Restrict SSH by Source IP Using TCP Wrappers

  1. We will need to edit the hosts.allow and hosts.deny files used by TCP Wrappers. Let's start with the hosts.deny file:

    sudo nano /etc/hosts.deny
  2. Add the line:

    sshd : ALL

    Save and exit the file.

  3. Now we need to edit the hosts.allow file:

    sudo nano /etc/hosts.allow  
  4. Add the line:

    sshd : 10.0.0.0/24  

    Save and close the file.

Conclusion

Congratulations on completing this hands-on lab!