From owner-freebsd-questions@FreeBSD.ORG  Sat Mar 20 13:18:30 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BFD2A106566B
	for <freebsd-questions@freebsd.org>;
	Sat, 20 Mar 2010 13:18:30 +0000 (UTC)
	(envelope-from jg@fantomatic.co.uk)
Received: from fix.fantomatic.co.uk (fix.fantomatic.co.uk [81.174.154.245])
	by mx1.freebsd.org (Postfix) with ESMTP id 4308D8FC0C
	for <freebsd-questions@freebsd.org>;
	Sat, 20 Mar 2010 13:18:30 +0000 (UTC)
Received: from fix.fantomatic.co.uk (localhost [127.0.0.1])
	by fix.fantomatic.co.uk (8.14.3/8.14.3) with ESMTP id o2KDIcnq001243
	for <freebsd-questions@freebsd.org>; Sat, 20 Mar 2010 13:18:38 GMT
	(envelope-from jg@fix.fantomatic.co.uk)
Received: (from jg@localhost)
	by fix.fantomatic.co.uk (8.14.3/8.14.3/Submit) id o2KDIcIt001241
	for freebsd-questions@freebsd.org; Sat, 20 Mar 2010 13:18:38 GMT
	(envelope-from jg)
Message-Id: <201003201318.o2KDIcIt001241@fix.fantomatic.co.uk>
To: freebsd-questions@freebsd.org
Date: Sat, 20 Mar 2010 13:18:38 +0000 (GMT)
From: Jamie Griffin <Jamie@fantomatic.co.uk>
X-Mailer: ELM [version 2.5 PL8]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: securing sshd
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Mar 2010 13:18:30 -0000

Hello

I've been reading up on securing sshd after being bombarded with attempted logins. 

The steps i've taken so far to make things more secure are:

* changed the encryption method for passwords in /etc/login.conf from md5 to blowfish and changed all the passwords to ridiculously obscure ones (at least as obscure as I could think of).

* changed /etc/ttys secure entries to insecure to prevent root logins on the console

  (the above are not really sshd specific i know.)

* Disabled root login by ssh in /etc/ssh/sshd_config

* Set myself as the only user able to login by ssh

* Disabled password logins completely, and to only allow public key authentication

* Changed the default ssh port from 22 to something much higher

I'm the only user that will ever need to log into the machine. I wondered, does this setup seem ok and are there any other methods used by anyone on list that might help me to secure remote logins even further?

Thanks for any help.

Jamie