TheLazy.Dev
Portfolio GitHub

Blog

ssh |security |root |sudo

How to secure SSH server

ohaddahan

ohaddahan

Posted on January 21, 2024

How to secure SSH server

Disable root login

  1. Create new user useradd -m username.
  2. Set password passwd username.
  3. Optional: Add user to sudoers usermod -aG sudo username.
  4. Edit /etc/ssh/ssh_config or /etc/ssh/sshd_config and add: 
# Authentication:
PermitRootLogin no
AllowUsers username
Enter fullscreen mode Exit fullscreen mode

Might need to look for other config files being included that might override this setting (grep -r "PermitRootLogin" /etc/ssh/).

Harden SSH

  1. Disable empty password: 
PermitEmptyPasswords no
Enter fullscreen mode Exit fullscreen mode
  1. Limit the number of authentication tries per connection: 
MaxAuthTries 3
Enter fullscreen mode Exit fullscreen mode
  1. Changed to ssh version 2: 
Include /etc/ssh/sshd_config.d/*.conf
Protocol 2
Enter fullscreen mode Exit fullscreen mode

Disable plain text authentication

  1. Connecting with SSH key: 
UsePAM no
PasswordAuthentication no
Enter fullscreen mode Exit fullscreen mode 
ssh-keygen
Enter fullscreen mode Exit fullscreen mode

Restart SSH service

  1. Restart ssh service sudo systemctl restart ssh or sudo systemctl restart sshd.

Prevent brute force attacks

  1. Install fail2ban or sshguard to ban IPs that fail to authenticate after a certain number of attempts.

References

💖 💪 🙅 🚩
ohaddahan
ohaddahan

Posted on January 21, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

How to secure SSH server
ssh How to secure SSH server

January 21, 2024