How to secure SSH server

Tags: Linux

After an administrator installs Linux, the next thing to install and configure right away is a Secure Shell server, known as an SSH server for short.

In this article I will explain how to secure an SSH server, using Debian, the distro I am familiar with, as the reference.

  • First, of course, install Linux
  • Then install the SSH server with the command
apt-get install openssh-server
  • Edit the file /etc/ssh/sshd_config to configure the SSH server. I will show only the settings related to security
Port 9999
ListenAddress 192.168.100.10
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
PermitEmptyPasswords no
AllowUsers username1 username2
AllowGroups groupname
PasswordAuthentication no

Line 1 (Port) is the port that users connect to. For security, set it to a port higher than 1024.
Line 2 (ListenAddress) is for machines with several network cards. Set it to the IP address we want to connect to, such as 192.168.100.10 when we want connections over the private IP only.
Line 3 (LoginGraceTime) is the time, in seconds, after which the SSH server disconnects if the login has not completed.
Line 4 (PermitRootLogin): set to no to forbid root login. Users must log in as another user first, then su to root.
Line 5 (StrictModes) specifies whether sshd should check file modes and ownership of the user's home directory and rhosts files before accepting a login.
Line 6 (PermitEmptyPasswords): set to no so that users must log in with a password every time (otherwise, under some conditions, a user with an empty password can still log in).
Line 7 (AllowUsers) defines which users can log in.
Line 8 (AllowGroups) defines which groups can log in.
Line 9 (PasswordAuthentication): set to no to force users to log in with a method other than username and password, then follow the "How to SSH without password" guide.

  • After finishing the configuration file, restart the ssh service with the command below (it won't disconnect you if you are connected over SSH to do the configuration)
/etc/init.d/ssh restart
  • Test the login before you disconnect your session. I have found that in many cases a wrong configuration ends with reinstalling Linux all over again.
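
A check to run before the restart, as an added example that is not part of the original article: it reads the global section of an sshd_config file and reports any of the security settings above that are missing or different. The function names are made up for this example, and it assumes each directive should be set explicitly rather than left to its default.

```shell
#!/bin/sh
# Added example (not from the article): audit the global section of an
# sshd_config file against the settings above. Function names are illustrative.

# Print KEYWORD's first value in the global section. Keywords are
# case-insensitive; for single-valued keywords sshd uses the first occurrence.
# Repeatable keywords (Port, AllowUsers, ...) are read from their first line only.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0  { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }   # global section ends here
        tolower($1) == want    { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

fail() { echo "FAIL $*"; findings=$((findings + 1)); }

# Require KEYWORD to be set explicitly to EXPECTED (no reliance on defaults).
expect() {  # usage: expect FILE KEYWORD EXPECTED
    actual=$(sshd_value "$1" "$2" | tr 'A-Z' 'a-z')
    [ "$actual" = "$3" ] || fail "$2: want '$3', found '${actual:-<not set>}'"
}

audit_sshd() {  # usage: audit_sshd FILE; exit status = number of findings
    findings=0
    expect "$1" PermitRootLogin no
    expect "$1" PermitEmptyPasswords no
    expect "$1" PasswordAuthentication no
    expect "$1" StrictModes yes
    port=$(sshd_value "$1" Port)
    case $port in
        ''|*[!0-9]*) fail "Port: not set to a number" ;;
        *) [ "$port" -gt 1024 ] || fail "Port: $port is not above 1024" ;;
    esac
    users=$(sshd_value "$1" AllowUsers); grps=$(sshd_value "$1" AllowGroups)
    [ -n "$users$grps" ] || fail "AllowUsers/AllowGroups: no allow-list set"
    # sshd applies both lists: a user must pass AllowUsers AND AllowGroups.
    [ -z "$users" ] || [ -z "$grps" ] ||
        echo "NOTE each of [$users] must also be in one of [$grps]"
    return "$findings"
}

# Constructed sample: the security-related lines from this article.
sample=$(mktemp)
printf '%s\n' 'Port 9999' 'PermitRootLogin no' 'StrictModes yes' \
    'PermitEmptyPasswords no' 'AllowUsers username1 username2' \
    'AllowGroups groupname' 'PasswordAuthentication no' > "$sample"
audit_sshd "$sample" && echo "OK: all checks passed"
rm -f "$sample"
```

The NOTE line matters for the configuration shown here: with both AllowUsers and AllowGroups set, username1 and username2 can log in only if they are also members of groupname.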

In fact, the best way to secure your SSH server is to shut it down and delete it...

Comments

Did you comment on the wrong website

Did you comment on the wrong website :P

Anyway, I changed it to explain more about it.