DEV Community

Nguyen Trung Duc
Nguyen Trung Duc

Posted on

Hardening ssh service on Ubuntu/Linux server

#devops #linux #ubuntu

Checklist:

  • Disable ssh login for root user
  • Disable password login

1. Create new user 

adduser <username>
Enter fullscreen mode Exit fullscreen mode

Add user to sudo group:

usermod -aG sudo <username>
Enter fullscreen mode Exit fullscreen mode

or add this line to file /etc/sudoers.d/90-cloud-init-users (sudo without password)

<username> ALL=(ALL) NOPASSWD:ALL
Enter fullscreen mode Exit fullscreen mode

2. Add ssh key for new user

Add ssh key to file /home/<username>/.ssh/authorized_keys

3. Disable root login and password based login

Edit file /etc/ssh/sshd_config, Find ChallengeResponseAuthentication and set to no:

ChallengeResponseAuthentication no
Enter fullscreen mode Exit fullscreen mode

find PasswordAuthentication set to no:

PasswordAuthentication no
Enter fullscreen mode Exit fullscreen mode

Search for UsePAM and set to no:

UsePAM no
Enter fullscreen mode Exit fullscreen mode

Finally look for PermitRootLogin and set it to no:

PermitRootLogin no
PermitRootLogin prohibit-password
Enter fullscreen mode Exit fullscreen mode

Save and close the file. Reload or restart the ssh server on Linux:

service ssh restart
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

techmaharaj profile image

How To Run Static Analysis On Your CI/CD Pipelines Using AI

Atulpriya Sharma -

monarene profile image

Designing a fault-tolerant etcd cluster

Michael Mekuleyi -

574n13y profile image

Advanced Networking Concepts

Vivesh -

josephibehdev profile image

Step-by-Step Guide: Setting Up Apache2 and Deploying an HTML Template on Ubuntu (Using Vagrant on a Local Machine)

Joseph Ibeh -