Securing Remote SSH

Securing remote SSH is important. A default SSH installation has security weaknesses of its own. When running an SSH server, a few easy steps will considerably increase the installation's level of security.

Here are the steps you need to follow to secure remote SSH.

1. Strong Password

A strong password helps defeat password-guessing attacks. Do not use a default or commonly used password.

2. Disable Root login

To disable root logins, you'll need to edit the SSHD configuration file. All your SSH server settings are stored in the /etc/ssh/sshd_config file.

To disable logging in through SSH as root, set the PermitRootLogin line to this:

PermitRootLogin no

Then restart your SSHD service by entering the following command:

/etc/init.d/sshd restart

3. Disable Empty Password

You need to prevent remote logins from accounts with empty passwords for added security. Open your /etc/ssh/sshd_config file and update the following line:

PermitEmptyPasswords no

4. Configure Idle Timeout

To avoid leaving an unattended SSH session open, set an idle timeout interval. Open your /etc/ssh/sshd_config file and add the following lines:

ClientAliveInterval 360

ClientAliveCountMax 0

5. Using Another Port

You can choose any port that is not used by another service. To change the port, open your /etc/ssh/sshd_config file and add the following line:

Port 2025

Then restart your SSHD service by entering the following command:

/etc/init.d/sshd restart

6. Using Public/Private Keys Authentication

Public/private key authentication is certainly more secure and a much better solution than password authentication. The private key is stored on the computer you log in from, while the public key is stored in the ~/.ssh/authorized_keys file on each computer you want to log in to.

Here's how to create a public/private key pair and install it for use on your SSH server:

  • Start by generating your key pair, a public key and a private key. The public key will be placed on the server and you will log in with your private key (this needs to be performed on each client machine from which you connect):

ssh-keygen -t rsa

  • Copy the public key (id_rsa.pub) to the server, into ~/.ssh/authorized_keys
  • Set permissions on ~/.ssh and authorized_keys

chmod 700 ~/.ssh

chmod 600 ~/.ssh/authorized_keys

Now try to log in with the private key.
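The settings from steps 2 to 5 can be checked against a host's sshd_config with the following audit script. It is an added example, not part of the original post: the sample configuration it parses is constructed, and the parsing rules it follows (case-insensitive keywords, first occurrence wins, Match blocks are conditional) are those documented in sshd_config(5).

```python
import re

# Constructed sample: a default-looking sshd_config that violates steps 2 to 5.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
permitemptypasswords yes
ClientAliveInterval 0
Match User backup
    PermitRootLogin no
"""

DEFAULTS = {"permitrootlogin": "prohibit-password", "permitemptypasswords": "no",
            "clientaliveinterval": "0", "clientalivecountmax": "3"}  # OpenSSH 7.0+ defaults

def parse_global(text):
    """Effective global settings as {keyword_lower: value}, following sshd_config(5):
    keywords are case-insensitive, '#' lines are comments, the first occurrence wins,
    and parsing stops at 'Match' (later lines are conditional). 'Port' may repeat."""
    settings, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1) + [""]  # 'Key value' or 'Key=value'
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        if key == "port":
            ports.append(value)
        else:
            settings.setdefault(key, value)  # first occurrence wins
    settings["port"] = ports or ["22"]  # sshd listens on 22 when no Port line is set
    return settings

def audit(text):
    """Return (keyword, message) findings; an empty list means steps 2 to 5 hold."""
    cfg, findings = parse_global(text), []
    get = lambda k: cfg.get(k, DEFAULTS[k])
    for key, step in (("permitrootlogin", 2), ("permitemptypasswords", 3)):
        if get(key) != "no":
            findings.append((key, "step %d: got %r, want 'no'" % (step, get(key))))
    if int(get("clientaliveinterval")) <= 0:
        findings.append(("clientaliveinterval", "step 4: idle timeout is disabled"))
    elif get("clientalivecountmax") == "0":
        # OpenSSH 9.2 changed the meaning of 0: it now disables the disconnect entirely.
        findings.append(("clientalivecountmax", "step 4: count 0 disables the timeout on OpenSSH 9.2+"))
    if "22" in cfg["port"]:
        findings.append(("port", "step 5: sshd still listens on the default port 22"))
    return findings
```

Run it on a real host with audit(open("/etc/ssh/sshd_config").read()); for the values sshd actually applies after Match blocks and Include files, compare against the output of sshd -T.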