5 Steps to Secure your SSH Server

Valic —  February 5, 2013 — 3 Comments

SSH is the standard method for admins to connect to Linux servers securely. But the default install of the SSH server is far from perfect and may allow attackers to hack your server. This guide shows you how to secure your SSH server in a few steps.

1. Use Strong SSH Passwords

Make all your passwords more secure by following these rules:

  • Use a minimum of 8 characters
  • Use upper and lower case letters
  • Use numbers in your password
  • Use special characters like #$&*

Linux also has a password generator called pwgen. Install it with the following command:

apt-get install pwgen

The pwgen command will generate a list of 8-character passwords. See the man page for more options.

2. Disable SSH root logins

To disable root logins, edit the sshd_config file located in the /etc/ssh/ directory:

# Prevent root logins:
PermitRootLogin no

Then restart the SSH server:

/etc/init.d/ssh restart

3. Change the SSH Port on the server

Changing the default port makes your SSH server more secure by reducing the number of brute-force attacks it receives.

Open the sshd_config file again and set the port:

# What ports, IPs and protocols we listen for
# (or any port you want)
Port 22333

4. Only Allow specific Users to connect over SSH

You can do this by adding the following line to sshd_config file:

AllowUsers debiantuts

5. Change SSH login grace time

Lowering this value limits how long unauthenticated connections can be left open. In Debian, the default is 120 seconds.

# Authentication:
LoginGraceTime 30

NOTE: After any change you make to the sshd_config file, you need to restart your SSH server.
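The following added example (not part of the original post) audits the global part of an sshd_config for the settings from steps 2 to 5. For a single-valued keyword sshd uses the first value it reads, so a "PermitRootLogin no" added below an earlier "PermitRootLogin yes" has no effect. The function names and the sample config are constructed for illustration; the parser assumes whitespace-separated keyword and value and ignores Match blocks.

```python
import re

# Constructed sample sshd_config (not from the original page).
SAMPLE = """\
Port 22333
permitrootlogin yes
PermitRootLogin no
LoginGraceTime 2m
Match User backup
    AllowUsers backup
"""

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def global_settings(text):
    """Map lowercased keyword -> list of values, stopping at the first Match block."""
    found = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()  # sshd keywords are case-insensitive
        if key == "match":
            break  # conditional overrides are out of scope for this check
        found.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return found

def seconds(value):
    """Convert an sshd time value such as 30, 2m or 1h30m to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value.lower()))

def audit(text):
    """Return findings for the settings from steps 2 to 5 of the article."""
    cfg, findings = global_settings(text), []
    # For single-valued keywords sshd uses the first value it reads.
    if cfg.get("permitrootlogin", [""])[0].lower() != "no":
        findings.append("PermitRootLogin is not 'no'")
    # Port may be given several times; with no Port line sshd listens on 22.
    if "22" in cfg.get("port", ["22"]):
        findings.append("sshd listens on port 22")
    if "allowusers" not in cfg:
        findings.append("no global AllowUsers line")
    grace = seconds(cfg.get("logingracetime", ["120"])[0])  # 120 s default, as cited above
    if grace == 0 or grace > 30:
        findings.append(f"LoginGraceTime {grace}s exceeds 30s or is unlimited (0)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real server, pass the contents of /etc/ssh/sshd_config to audit().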

Valic

Editor in Chief at Debian-Tutorials, Linux enthusiast.

3 responses to 5 Steps to Secure your SSH Server

  1. You missed: don't use passwords, use public key authentication.

Trackbacks and Pingbacks:

  1. Lightweight Debian: LXDE Desktop From Scratch | l3net - a layer 3 networking blog - April 30, 2013

    [...] As I’ve requested during installation, SSH server is started. By default it allows root login, and it needs some securing. [...]

  2. 4 (out of 5) ssh security tips | FU-BAR - May 1, 2013

    [...] are some security tips for your sshd_config at http://www.debian-tutorials.com/5-steps-to-secure-your-ssh-server however the third one, Change the SSH Port on the server, is a lot of hot [...]
