Sshd Configuration: Difference between revisions
No edit summary |
(→DNS) |
||
Line 31: | Line 31: | ||
=Change the Network Interface to Listen On= | =Change the Network Interface to Listen On= | ||
=DNS= | =Turn off Client Name DNS Verification= | ||
sshd can be configured with a "UseDNS" option, which specifies whether sshd should look up the remote host name and check that the resolved host name for the remote IP address maps back to the same IP address. The default is “yes” but in some case this causes the initial connection setup to take a long time, so it is best to turn this verification off: | |||
<pre> | <pre> |
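Review bot: The added paragraph under the new "Turn off Client Name DNS Verification" heading recommends turning the check off on every host, while its own first sentence describes a check that the client's resolved host name maps back to the connecting IP address. Say what the reader gives up by setting it to "no", or which setups the advice is meant for, and change "in some case" to "in some cases". The unchanged "Change the Network Interface to Listen On" heading directly above it still has no body.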
Revision as of 23:56, 6 January 2016
Internal
Overview
Change the Default Port
Uncomment and/or update the default "Port" value in /etc/ssh/sshd_config:
#Port 22
Port 12345
Change the Default Port on a SELinux System
If SELinux is enabled, you have to tell SELinux about the port change:
semanage port -a -t ssh_port_t -p tcp 12345
Also see How to install SELinux semanage.
Update the Firewall Rules
If iptables is enabled, there is usually a firewall rule that allows ssh access, and it usually names the port. Check that rule and change it to the new port; see Iptables Command Line Tool Examples, "Allow SSH Only From the Internal Network on a Non-Standard Port".
Change the Network Interface to Listen On
Turn off Client Name DNS Verification
sshd can be configured with a "UseDNS" option, which specifies whether sshd should look up the remote host name and check that the resolved host name for the remote IP address maps back to the same IP address. The default is "yes", but in some cases this causes the initial connection setup to take a long time, so it is best to turn this verification off:
...
UseDNS no
...
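A way to confirm that the Port and UseDNS edits described on this page are the values sshd will read, as an added example that is not part of the original wiki page. The function names `sshd_values` and `check_sshd_config` are hypothetical and the sample files are constructed; the parser assumes unquoted single-word values.

```shell
#!/bin/sh
# Added example: verify the global Port and UseDNS settings in an sshd_config.
# Keywords are case-insensitive; for single-valued options such as UseDNS the
# first occurrence wins, while Port may legitimately appear several times.
# On a live host, `sshd -T` prints the effective configuration instead.

# sshd_values KEYWORD FILE -> prints each uncommented global value, in order
sshd_values() {
    awk -F'[ \t=]+' -v want="$1" '
        { sub(/^[ \t]+/, "") }              # strip leading blanks (re-splits fields)
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # a Match block ends the global section
        tolower($1) == tolower(want) { print $2 }
    ' "$2"
}

# check_sshd_config FILE PORT -> 0 if FILE listens only on PORT and UseDNS is "no"
check_sshd_config() {
    ports=$(sshd_values Port "$1" | tr '\n' ' ')
    usedns=$(sshd_values UseDNS "$1" | head -n 1)
    rc=0
    [ "$ports" = "$2 " ] ||
        { echo "Port: expected '$2', found '${ports:-22 (default)}'"; rc=1; }
    [ "$usedns" = "no" ] ||
        { echo "UseDNS: expected 'no', found '${usedns:-unset}'"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from a real host).
good=$(mktemp); bad=$(mktemp)
printf '%s\n' '#Port 22' 'Port 12345' 'UseDNS no' > "$good"
# Port line still commented out, and an earlier "usedns yes" shadows the later "no".
printf '%s\n' '#Port 12345' 'usedns yes' 'UseDNS no' \
    'Match User backup' '  PasswordAuthentication no' > "$bad"

check_sshd_config "$good" 12345 && echo "good: ok"
check_sshd_config "$bad" 12345 || echo "bad: needs fixing"
rm -f "$good" "$bad"
```

The second sample fails both checks: the new Port line was left commented out, and the first UseDNS occurrence takes precedence over the corrected one further down.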