ohaddahan

How to secure SSH server

Disable root login

  1. Create a new user: useradd -m username
  2. Set a password: passwd username
  3. Optional: add the user to sudoers: usermod -aG sudo username
  4. Edit /etc/ssh/ssh_config or /etc/ssh/sshd_config (these are server options, and sshd reads sshd_config; ssh_config configures the client) and add:

     # Authentication:
     PermitRootLogin no
     AllowUsers username

You might need to check for other included config files that override this setting (grep -r "PermitRootLogin" /etc/ssh/).

Harden SSH

  1. Disable empty passwords:

     PermitEmptyPasswords no

  2. Limit the number of authentication tries per connection:

     MaxAuthTries 3

  3. Use SSH protocol version 2:

     Include /etc/ssh/sshd_config.d/*.conf
     Protocol 2

     Current OpenSSH servers only speak protocol 2 and treat the Protocol keyword as deprecated.

Disable plain text authentication

  1. Connect with an SSH key instead of a password. In the sshd configuration:

     UsePAM no
     PasswordAuthentication no

     Generate the key pair with:

     ssh-keygen

Restart SSH service

  1. Restart the SSH service with sudo systemctl restart ssh or sudo systemctl restart sshd.
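
The note above about included files overriding a setting matters because sshd uses the first value it reads for each keyword, so a drop-in pulled in by an Include line at the top of sshd_config beats a later line in the main file. The script below is an added example, not part of the original post: it resolves the effective values of this page's settings over a constructed sample tree. The function names and the file 50-example.conf are made up for illustration, and it assumes no Match blocks and "keyword value" syntax.

```shell
#!/bin/sh
# Added example. Assumptions: no Match blocks, "keyword value" syntax (no "="),
# relative Include paths resolve against the directory passed as $2.

# Print "keyword value" lines in the order sshd reads them, expanding Include.
sshd_lines() (
  while read -r kw rest || [ -n "$kw" ]; do
    case $kw in ''|'#'*) continue ;; esac
    kw=$(printf '%s' "$kw" | tr '[:upper:]' '[:lower:]')
    if [ "$kw" != include ]; then printf '%s %s\n' "$kw" "$rest"; continue; fi
    for pat in $rest; do
      case $pat in /*) ;; *) pat=$2/$pat ;; esac
      for f in $pat; do                 # glob matches come back in sorted order
        if [ -f "$f" ]; then sshd_lines "$f" "$2"; fi
      done
    done
  done < "$1"
)

# First value wins, which is how sshd resolves a repeated keyword.
effective() {
  sshd_lines "$2" "$3" | awk -v k="$1" '$1 == k && !n++ { print $2 }'
}

# Compare the effective values with the settings this page recommends.
audit() {
  for want in "permitrootlogin no" "permitemptypasswords no" \
              "maxauthtries 3" "passwordauthentication no"; do
    key=${want% *}; got=$(effective "$key" "$1" "$2")
    if [ "$got" = "${want#* }" ]; then echo "OK   $key $got"
    else echo "FAIL $key is '${got:-unset}', want '${want#* }'"; fi
  done
}

# Constructed sample tree standing in for /etc/ssh.
demo=$(mktemp -d)
mkdir "$demo/sshd_config.d"
printf '%s\n' 'PasswordAuthentication yes' > "$demo/sshd_config.d/50-example.conf"
printf '%s\n' 'Include sshd_config.d/*.conf' '# Authentication:' \
  'PermitRootLogin no' 'PermitEmptyPasswords no' 'MaxAuthTries 3' \
  'PasswordAuthentication no' > "$demo/sshd_config"
audit "$demo/sshd_config" "$demo"
```

On a live host, sudo sshd -T prints the effective configuration as sshd itself resolves it, which is the authoritative check after the restart.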

Prevent brute force attacks

  1. Install fail2ban or sshguard to ban IPs that fail to authenticate after a certain number of attempts.
