General Tips for helping to secure SSH

There are guides on the site to cover most of these tips but this is just a quick checklist to help keep ssh / your server secure

Run SSH on port other than 22 (Change in /etc/ssh/sshd_config)

Dis Allow root logon (ensure you can use su or sudo from the terminal first!)
(uncomment out #PermitRootLogin no in /etc/ssh/sshd_config)

Add message banner (Config article here)
It is good prectice to announce that your server is private and that unauthorized access is not permitted)

Only protocol SSH2 (Change in /etc/ssh/sshd_config)

Require public / private keys for access

Remove password authentication / logon (Check your public / private keys allow you access first!)
(Config article here, uncomment out the last three lines on that page from /etc/ssh/sshd_config)

Only permit specific user(s) (add each user with the AllowUsers directive in /etc/ssh/sshd_config)

AllowUsers john
Print Friendly, PDF & Email

More Like This


Categories


Linux Security
  • Post a comment