I don’t think I posted it, so I thought I would jot down installing an SSH server on Ubuntu 7.04 (Feisty).
sudo apt-get install ssh
gksudo gedit /etc/ssh/sshd_config
Change PermitRootLogin to no and change Port to the desired port number. Add a new line at the bottom, “AllowUsers username”, where username is the account you want to allow. You can also use “DenyUsers username,” but once AllowUsers is set, all other users are denied anyway.
Next, I want to add a little brute-force protection using pam-abl. These instructions may not be current, but they worked out for me. Add “deb http://ubuntu.tolero.org/ edgy main” to your /etc/apt/sources.list file. Remember to open it as root so you can save it. And yes, I am using edgy instead of feisty in this line.
sudo aptitude update
sudo aptitude upgrade
sudo aptitude install libpam-abl
sudo /etc/init.d/ssh restart
Run “sudo pam_abl” to list the current blacklist, and use --help for more features or manual blocking. Failed logins are collected in /var/lib/abl. SSH logs are written to /var/log/auth.log; however, it might be useful to increase the logging level and change the location. Change “LogLevel INFO” to “LogLevel VERBOSE” in /etc/ssh/sshd_config to get more out of the logging.
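To confirm the edits to sshd_config actually took effect, here is an added example (not part of the original post): a shell function that reads the file and reports on the settings changed above. The function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the settings from this post.
# Limits: whitespace-separated "Keyword value" lines only, no Match blocks.
# Port and AllowUsers may be repeated; only the first line is reported.

# Print the value of KEYWORD in FILE. For single-valued keywords sshd keeps
# the first value it reads; keywords are case-insensitive; '#' is a comment.
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$2"
}

# Print one line per check; the return status is the number of FAIL lines.
audit_sshd_config() {
    file=$1; fails=0
    root=$(sshd_value PermitRootLogin "$file" | tr 'A-Z' 'a-z')
    port=$(sshd_value Port "$file")
    users=$(sshd_value AllowUsers "$file")
    level=$(sshd_value LogLevel "$file" | tr 'a-z' 'A-Z')

    if [ "$root" = no ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${root:-unset}', want 'no'"; fails=$((fails + 1)); fi

    if [ -n "$users" ]; then echo "OK   AllowUsers $users"
    else echo "FAIL AllowUsers is not set, no account allow-list"; fails=$((fails + 1)); fi

    if [ "$level" = VERBOSE ]; then echo "OK   LogLevel VERBOSE"
    else echo "FAIL LogLevel is '${level:-unset}', want 'VERBOSE'"; fails=$((fails + 1)); fi

    # Port is informational: the post leaves the number to the reader.
    echo "NOTE Port ${port:-22 (default, keyword unset)}"
    return "$fails"
}

# Constructed sample: the earlier "yes" line shadows the later "no" line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 2222
permitrootlogin yes
PermitRootLogin no
AllowUsers alice
LogLevel VERBOSE
EOF
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the real system, run audit_sshd_config /etc/ssh/sshd_config after editing and before restarting ssh.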
Further hardening can be done. The files /etc/hosts.allow and /etc/hosts.deny allow or deny the listed hosts, respectively. The following lines allow two IP address ranges to connect and deny all others.
# /etc/hosts.allow
sshd: 10.10.10.0/255.255.255.0
sshd: 192.168.1.0/255.255.255.0

# /etc/hosts.deny
sshd: ALL
Referenced Tolero.org for the pam-abl install. I also note an Ubuntu help file.