SECURE SSH CONFIGURATION

We want to configure our SSH server in a more secure manner. A few minor changes will substantially increase the security of our SSH server.

NOTE: The following will be conducted on your DNS machine:

1. Connect to your DNS machine (10.X.1.1)

2. Edit your /etc/ssh/sshd_config file (SSH Server Configuration File)

   $ sudo vi /etc/ssh/sshd_config

   Change "PasswordAuthentication yes" to "PasswordAuthentication no"
   Change "PubkeyAuthentication no" to "PubkeyAuthentication yes"
   Make sure "PermitEmptyPasswords" is set to "no"

   You may also define

   AllowUsers root tldadmin

3. Restart your SSH server

   $ sudo service ssh restart

4. Try logging into your NameServer's SSH server with just a password

   $ ssh tldadmin@127.0.0.1

   ** You should get an error message (Permission denied (publickey).)

5. From your laptop, try logging into your SSH server with your tldadmin key as you did before, e.g.,

   $ ssh -i tldadmin tldadmin@10.X.1.1

   ** This should work **

   Note: the password you are prompted for is the IDENTITY KEY password and NOT the account password - but the two passwords are the same...

Note:

* Do not change the "PermitRootLogin" entry.
  Doing so will make your configuration more secure - but will break our ability to remotely assist you!

Other Interesting Settings

* "PermitEmptyPasswords" should be set to "no"
* "Port" can be any port - you should change this to something other than port 22 to avoid automated SSH attacks
* "LoginGraceTime" - you should set this to a short time (say 30 seconds) so that the connection is closed quickly, to avoid keeping unproductive connections open
* Restrict "Banner" such that it doesn't provide any identifying information
* Set "MaxAuthTries" to a low number (say 3) such that a user gets only three attempts to enter a password before the connection is closed
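
A quick way to double-check the step 2 edits, given as an added example that is not part of the original lab: sshd uses the first value it reads for each keyword, so a "PasswordAuthentication no" appended below an existing "yes" has no effect. The function names and the sample file are constructed for illustration, and Include files and the "Keyword=value" syntax are not handled.

```sh
#!/bin/sh
# Added example: audit the three directives from step 2 in an sshd_config.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line apply conditionally.
# Simplification: "Include" files and "Keyword=value" syntax are not handled.

# effective_value FILE KEYWORD DEFAULT -> global value sshd would use
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*(#|$)/         { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # conditional section starts here
        tolower($1) == want    { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd FILE -> one line per directive; exit status = number of failures
audit_sshd() {
    fails=0
    # columns: keyword, value required by the lab, OpenSSH default if unset
    while read -r key expected default; do
        actual=$(effective_value "$1" "$key" "$default")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key $actual"
        else
            echo "FAIL  $key is '$actual', lab requires '$expected'"
            fails=$((fails + 1))
        fi
    done <<EOF
PasswordAuthentication no yes
PubkeyAuthentication yes yes
PermitEmptyPasswords no no
EOF
    return "$fails"
}

# Constructed sample: "no" was appended, but the earlier "yes" still wins.
sample=$(mktemp)
cat > "$sample" <<EOF
# constructed sshd_config fragment
PasswordAuthentication yes
pubkeyauthentication yes
PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "$? directive(s) need attention"
rm -f "$sample"
```

On the server itself, "sudo sshd -T" prints the effective configuration as sshd computes it, including Include files and defaults.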