SSH is the standard method for admins to connect to Linux servers
securely. But the default install of the SSH server is far from perfect and
may allow attackers to hack your server. This guide shows you how to
secure your SSH server in a few steps.
1. Use Strong SSH Passwords
Try to make all your passwords more secure by following these rules:
- Use a minimum of 8 characters
- Use upper and lower case letters
- Also use numbers in your password
- Use special characters like #$&*
apt-get install pwgen
The pwgen command will generate a list of passwords of 8 characters. You can use the man pages to find more options.
2. Disable SSH root logins
To disable root logins, edit the sshd_config file located in the /etc/ssh/ directory.
# Prevent root logins:
PermitRootLogin no
Then restart the SSH server:
/etc/init.d/ssh restart
3. Change the SSH Port on the server
By changing the default port you will make your SSH server more secure, because it reduces the number of brute force attacks.
Open the sshd_config file again:
# What ports, IPs and protocols we listen for
# Use 22333 or any port you want
Port 22333
4. Only Allow specific Users to connect over SSH
You can do this by adding the following line to the sshd_config file:
AllowUsers debiantuts
5. Change SSH login grace time
This setting controls how long an unauthenticated connection can be left open. In Debian, by default this is set to 120 seconds.
# Authentication:
LoginGraceTime 30
NOTE: After any change you make to the sshd_config file, you need to restart your SSH server.
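The following script is an added example, not part of the original guide: it checks an sshd_config file for the settings from steps 2 to 5, reading only the global section before any Match block. The function names and messages are this example's own, and it assumes the whitespace-separated "Keyword value" form.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are this example's own.

# global_values FILE KEYWORD: print every value KEYWORD is given before the
# first Match block, one per line. sshd_config keywords are case-insensitive.
# Assumes the whitespace-separated "Keyword value" form.
global_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        tolower($1) == "match" { exit }      # settings after Match are conditional
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# audit_sshd_config FILE: print one finding per line; return 1 if any were found.
audit_sshd_config() {
    cfg=$1; rc=0
    finding() { echo "$1"; rc=1; }

    # For single-valued keywords sshd keeps the first value it reads.
    root=$(global_values "$cfg" PermitRootLogin | head -n 1 | tr 'A-Z' 'a-z')
    [ "$root" = "no" ] || finding "PermitRootLogin is '${root:-unset}', guide sets 'no'"

    # Port may appear several times; sshd listens on every port listed.
    ports=$(global_values "$cfg" Port)
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        finding "sshd still listens on the default port 22"
    fi

    [ -n "$(global_values "$cfg" AllowUsers)" ] || finding "AllowUsers is not set"

    grace=$(global_values "$cfg" LoginGraceTime | head -n 1)
    case $grace in
        '')       finding "LoginGraceTime is unset, guide sets 30" ;;
        *[!0-9]*) finding "LoginGraceTime '$grace' is not plain seconds, check by hand" ;;
        *)        { [ "$grace" -ge 1 ] && [ "$grace" -le 30 ]; } ||
                      finding "LoginGraceTime is $grace (0 means no limit), guide sets 30" ;;
    esac
    return $rc
}

# Audit the file named on the command line, if one is given.
[ $# -eq 0 ] || audit_sshd_config "$1"
```

Running sshd -t before the restart checks the file for syntax errors, which avoids restarting into a broken configuration while you are connected remotely.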