Generally, when you try to open any X application, say xclock or xterm, as the root user on a remote system, it gives an error saying “Can’t open display”. To get rid of this message, do the following:
– First, ssh with -X into the remote system
$ ssh -vX email@example.com
– Export the XAUTHORITY variable, pointing at the .Xauthority file of the user you logged in as
$ export XAUTHORITY="$HOME/.Xauthority"
– Start the X app (I am assuming user “foo” has superuser privileges on the remote system)
$ sudo xterm
I came across this service called denyhosts…
It basically protects your server from unwanted ssh attempts and brute-force attacks. For denyhosts to work, you need to have tcp_wrappers support and
The IPs from which unwanted ssh attacks come are listed in the /etc/hosts.deny file by
If you want to whitelist any of them, then you can put them in
For example, putting the line
sshd: 18.104.22.168
in the /etc/hosts.deny file will disable all ssh attempts from that host, and putting it in /etc/hosts.allow will allow them.
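The lookup order that makes whitelisting work, as an added example that is not part of the original post: tcp_wrappers consults /etc/hosts.allow first, then /etc/hosts.deny, and grants access when neither file matches. The sketch models only that order for IPv4 with exact-IP, prefix and ALL patterns; the function names and the 203.0.113.7 and 198.51.100.9 addresses are constructed for illustration.

```python
# Simplified model of the tcp_wrappers decision order (added example, IPv4 only).
# Supported client patterns: ALL, an exact IP, or a prefix ending in "." (e.g. "10.0.").
# Not modelled: EXCEPT, netmasks, hostnames, shell-command options.

def parse_rules(text):
    """Return (daemons, clients) pairs from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line or ":" not in line:
            continue
        fields = line.split(":")
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                     # prefix form such as "192.168."
        return ip.startswith(pattern)
    return pattern == ip

def rule_hit(rules, daemon, ip):
    for daemons, clients in rules:
        daemon_ok = any(d in ("ALL", daemon) for d in daemons)
        if daemon_ok and any(client_matches(c, ip) for c in clients):
            return True
    return False

def access(daemon, ip, allow_text, deny_text):
    """Return 'allow' or 'deny' for a connection to `daemon` from `ip`."""
    if rule_hit(parse_rules(allow_text), daemon, ip):
        return "allow"    # hosts.allow is checked first; a match ends the search
    if rule_hit(parse_rules(deny_text), daemon, ip):
        return "deny"     # only reached when hosts.allow did not match
    return "allow"        # no match in either file: access is granted

# Constructed sample files: one entry from the post plus a whitelisted address.
HOSTS_DENY = "sshd: 18.104.22.168\nsshd: 203.0.113.7\n"
HOSTS_ALLOW = "# whitelisted despite being listed in hosts.deny\nsshd: 203.0.113.7\n"

if __name__ == "__main__":
    for ip in ("18.104.22.168", "203.0.113.7", "198.51.100.9"):
        print(ip, access("sshd", ip, HOSTS_ALLOW, HOSTS_DENY))
```

Because a hosts.allow match ends the search, an overly broad line there (for example one using ALL) silently cancels every entry written to hosts.deny.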
Additionally, what I do on my systems is this: I keep only one system accessible from the internet (its sshd listens on both the private and public interfaces), and on the other systems I configure sshd to listen only on private interfaces. This can be achieved by putting
The other security measure is to prevent the root user from logging in over ssh at all. Put the line
PermitRootLogin no
in the /etc/ssh/sshd_config file, then access the system over ssh as a normal user (not a sudoer) and use su - to gain root access.