DEV Community

ohaddahan

How to secure SSH server

Disable root login

  1. Create a new user: useradd -m username
  2. Set a password: passwd username
  3. Optional: add the user to sudoers: usermod -aG sudo username
  4. Edit /etc/ssh/ssh_config or /etc/ssh/sshd_config and add:
     # Authentication:
     PermitRootLogin no
     AllowUsers username

You may also need to check whether other included config files override this setting (grep -r "PermitRootLogin" /etc/ssh/).

Harden SSH

  1. Disable empty passwords:
     PermitEmptyPasswords no
  2. Limit the number of authentication tries per connection:
     MaxAuthTries 3
  3. Change to SSH version 2:
     Include /etc/ssh/sshd_config.d/*.conf
     Protocol 2

Disable plain text authentication

  1. Connect with an SSH key:
     UsePAM no
     PasswordAuthentication no

     ssh-keygen

Restart SSH service

  1. Restart the SSH service: sudo systemctl restart ssh or sudo systemctl restart sshd.
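
The override check mentioned under Disable root login, carried through for the settings on this page, as an added example (not the author's code): sshd keeps the first value it reads for each keyword, so a drop-in pulled in by an Include line near the top of sshd_config wins over a later setting in the main file. The file map, the drop-in name 50-example.conf and the function names are constructed for illustration; on a live host, sudo sshd -T prints the effective configuration.

```python
import fnmatch

# Settings this page recommends; sshd_config keywords are case-insensitive.
WANTED = {"permitrootlogin": "no", "permitemptypasswords": "no",
          "maxauthtries": "3", "passwordauthentication": "no"}

def effective(files, path="/etc/ssh/sshd_config", seen=None):
    """Map keyword -> (value, source file) for global (non-Match) settings.
    files is a constructed {path: text} map standing in for the filesystem."""
    seen = {} if seen is None else seen
    for raw in files.get(path, "").splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue                      # blank line, comment, bare keyword
        key, arg = parts[0].lower(), parts[1].strip()
        if key == "match":                # simplification: ignore Match blocks
            break
        if key == "include":
            for pat in arg.split():
                if not pat.startswith("/"):
                    pat = "/etc/ssh/" + pat   # relative paths resolve here
                # fnmatch stands in for glob(3); matches are read in sorted order
                for inc in sorted(p for p in files if fnmatch.fnmatch(p, pat)):
                    effective(files, inc, seen)
            continue
        seen.setdefault(key, (arg, path))     # sshd keeps the first value
    return seen

def audit(files):
    """Return (keyword, wanted, got, source) for each setting that is off."""
    eff, findings = effective(files), []
    for key, want in WANTED.items():
        got, src = eff.get(key, (None, "unset: sshd default applies"))
        if got is None or got.lower() != want:
            findings.append((key, want, got, src))
    return findings

# Constructed sample: a drop-in re-enables passwords ahead of the main file.
SAMPLE = {
    "/etc/ssh/sshd_config": "Include /etc/ssh/sshd_config.d/*.conf\n"
                            "PermitRootLogin no\nPermitEmptyPasswords no\n"
                            "MaxAuthTries 3\nPasswordAuthentication no\n",
    "/etc/ssh/sshd_config.d/50-example.conf": "PasswordAuthentication yes\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("MISMATCH:", *finding)
```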

Prevent brute force attacks

  1. Install fail2ban or sshguard to ban IPs that fail to authenticate after a certain number of attempts.
