Tag: ssh

Using ssh as a socks proxy

ssh can forward traffic and act as a SOCKS proxy.

This is fantastic for encrypted browsing over unsecured wifi connections. You can set up Firefox, YM or any other SOCKS 5 compliant program to make use of the proxy. After executing the command below, ssh will be listening on localhost (127.0.0.1), and you then point your SOCKS compliant program to this IP and the port that you specify below.

The command:

ssh -qTfnN2 -D 8080 -p 22 user@localhost

Explanations:

-q :- Be very quiet, we are acting only as a tunnel.
-T :- Do not allocate a pseudo tty, we are only acting as a tunnel.
-f :- Move the ssh process to the background, as we don't want to interact with this ssh session directly.
-N :- Do not execute a remote command.
-p :- Port to connect to on the remote host.
-n :- Redirect standard input to /dev/null.
-2 :- Forces ssh to try protocol version 2 only.
-D :- Specifies a local "dynamic" application-level port forwarding. This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports.

Enjoy.


Debian Squeeze : SSH disable password authentication for root allow public key authentication only

On Debian Squeeze edit the sshd_config file located in /etc/ssh/ :

Change PermitRootLogin from yes/no to “without-password”:

#PermitRootLogin yes
PermitRootLogin without-password

Restart the ssh daemon and try to log in with the root account.

Enjoy.


3 Ways to Secure SSH Server

On Debian Squeeze the configuration file is /etc/ssh/sshd_config. After making all the changes you will need to restart the server.

1. The first step toward a more secure ssh server is:

Change the standard port for ssh server

The first safety rule is to change the default port, because the majority of automated tools perform brute force or dictionary attacks against this port.

In the sshd_config file change the Port directive to another port. I recommend using a port above 1024.

Port 22

Will become:

Port 22222 or some other port

2. The second change is:

Disable root access
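
As an added example (not from the original posts), the shell functions below read an sshd_config and report the Port and PermitRootLogin settings that the posts on this page change. The function names and the sample file are constructed for illustration, and the fallback of "yes" for an unset PermitRootLogin is an assumption about the installed OpenSSH default.

```shell
# Added example: function names are hypothetical, not part of OpenSSH or Debian.
# Only the global section is read: parsing stops at the first Match block.

# listen_ports FILE: Port may be given several times and sshd listens on each one.
listen_ports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { printf "%s%s", sep, $2; sep = " "; n++ }
        END { if (n == 0) printf "22"; printf "\n" }
    ' "$1"
}

# root_login FILE: for PermitRootLogin the first value found is the one sshd uses.
# Assumption: an unset keyword falls back to "yes" (check your OpenSSH version).
root_login() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# audit_sshd_config FILE: return 0 only if port 22 is unused and root cannot
# log in with a password.
audit_sshd_config() {
    rc=0
    for p in $(listen_ports "$1"); do
        if [ "$p" = "22" ]; then
            echo "WARN: sshd listens on the default port 22"
            rc=1
        fi
    done
    case $(root_login "$1") in
        no|without-password|prohibit-password|forced-commands-only) ;;
        *) echo "WARN: root can log in with a password"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the commented-out default plus the two changes shown above.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'Port 22222' \
    'PermitRootLogin without-password' > "$sample"
audit_sshd_config "$sample" &&
    echo "OK: port(s) $(listen_ports "$sample"), root login $(root_login "$sample")"
rm -f "$sample"
```

Run audit_sshd_config against /etc/ssh/sshd_config before restarting the daemon. A ListenAddress line that carries its own port is not examined.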


How to restrict users to SFTP only instead of full SSH access

If users have access to the files on your server, but you don't want them to be able to execute commands, you can limit their access to sftp only.

Add a user to your system as normal with a password and then run the following command:

usermod -s /usr/lib/sftp-server username

Then add the following to /etc/shells to make it a valid shell:

echo '/usr/lib/sftp-server' >> /etc/shells

Now this user can only run the sftp server as a shell.

 

Enjoy


Iptables : Limit the number of ssh connections

Just use the following command:

iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT

In this example each client IP address is limited to 5 simultaneous ssh connections.


Copyright © 2012 Linux Debian Tutorials | Debian Squeeze Tutorials. All rights reserved.