Secure SSH with Two-Factor Authentication (using Google Authenticator) on squeeze

Two-Factor authentication adds an extra layer of security to the authentication process to prevent unauthorized users to access your services or data. Normally you only type username and password (something you know) but with Two-Factor authentications, additionally you need to provide something you have (mobile phone running Android, iOS or Blackberry with one time codes when using Google Authenticator).

Google Authenticator on iPhone1. Download and install the Google Authenticator app for you phone. Here you can find instructions: http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447 Continue reading

Replacing OpenSSH server with dropbear

dropbear is a SSH 2 server and client designed to be small enough to be used in small memory environments, while still being functional and secure enough for general use.

It implements most required features of the SSH 2 protocol, and other features such as X11 and authentication agent forwarding.

1. Install dropbear

apt-get install dropbear
Continue reading

Disable root login to SSH

Allowing root logins to your SSH damon is a big security threat. If the SSH port is open, hackers will probably at some time attempt to brute force your root password. It’s a good idea to disable root logins to SSH and instead use a normal user to login and type “su -” to enter the super user shell or sudo to perform tasks that require root privileges.

1. Open the SSH daemon config file and change this line: (pico /etc/ssh/sshd_config)

PermitRootLogin no
Continue reading