Basic SSH Security
- Change the default SSH port: This can help to reduce the number of automated attacks as attackers are often targeting systems that are running SSH on the default port 22.
- Disable SSH root access: This can help to reduce the risk of unauthorized access to your system as attackers often target the root account. Instead, create a separate user with sudo privileges.
- Use strong SSH key-based authentication: Use a strong password and consider using public key-based authentication instead of simple password authentication. This provides an extra layer of security in that an attacker would need to possess the private key to gain access, which is much more difficult to obtain than a simple password.
- Limit the number of authentication attempts: Use an authentication method that limits the number of failed login attempts, such as fail2ban. This can help prevent brute-force attacks.
- Keep software up-to-date: Make sure that both the SSH server and client software is up-to-date and has all security patches applied.
Open the SSH configuration file using a text editor:
Find the line that says #Port 22 and uncomment it or change the port number to your desired port, for example, Port 2222. Save the file and exit. Restart the SSH service:
Open the SSH configuration file:
Find the line that says PermitRootLogin yes and change it to:
Save the file and exit. Restart the SSH service:
Generate an SSH key pair on your local machine:
Copy the public key to the remote server, Replace user with your username and server_ip with your server's IP address.
Disable password authentication by editing the SSH configuration file:
Set PasswordAuthentication no
Restart the SSH service:
Configure fail2ban to monitor the SSH service:
Add the following lines under [sshd]:
Make it a habit of keeping and performing on a regular basis updates to your server. You can do this by typing:
By following these steps, your SSH connection will be more secure and resilient to unauthorized access.