SSH is the standard method for Admin’s to connect to Linux servers securely. But the default install of SSH server way far from perfect and may allow attackers to hack your server. This guide shows you how to secure your SSH server in few steps
1. Use Strong SSH Passwords
Try to make all your passwords more secure by following next rules:
- Try to use minimum of 8 characters
- Use upper and lower case letters
- Also use numbers in your password
- special characters like #$&*
You have also a password generator in Linux called pwgen. Install and use it with the following commands:
apt-get install pwgen
pwgen command will generate a list of passwords of 8 characters. You can use the man documents to find more options.
2. Disable SSH root logins
To disable root logins edit sshd_config file located in /etc/ssh/ directory.
# Prevent root logins:
Then Restart SSH Server:
3. Change the SSH Port on the server
By changing the default port you will make SSH server more secure. By changing the default port you will reduce the amount of brute force attacks
Open again sshd_config file:
# What ports, IPs and protocols we listen for
Port 22333 (or any port you want)
4. Only Allow specific Users to connect over SSH
You can do this by adding the following line to sshd_config file:
5. Change SSH login grace time
By changing this you will have control on your unauthenticated connections left open. In Debian, by default this is set to 120 seconds.
NOTE: After any change you make on sshd_config file you need to restart your SSH Server.