As the Founder and CEO of Tanta Innovative Limited and Tanta Secure, I lead two IT firms that deliver innovative and secure solutions across Nigeria and beyond. With over a decade of expertise in ethical hacking, software development, Linux and network administration, I specialize in cybersecurity and malware detection. I hold a BSc in Computer Science from the Federal University of Technology and have earned multiple ethical hacking certifications. Fluent in Hausa, English, and French, I am passionate about leveraging the latest technologies to create value while ensuring the safety and privacy of users and their data.
SSH (Secure Shell) is the lifeline for remote administration of Linux servers. However, it's also a prime target for attackers. Securing your SSH setup is paramount to maintaining the integrity and confidentiality of your system. The steps below harden a default sshd configuration.
Your SSH configuration file, typically located at /etc/ssh/sshd_config, is the command center for SSH security. Open it with root privileges using your editor of choice:
sudo nano /etc/ssh/sshd_config
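Ditch the outdated SSH Protocol 1! Mandate the use of the more secure Protocol 2. OpenSSH 7.4 and later no longer support protocol 1 on the server and treat this directive as deprecated, so the line only matters on older releases:
Protocol 2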
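Automated bots relentlessly scan port 22 (the default SSH port). Camouflage your SSH server by choosing an uncommon high-numbered port (within 1024-65535). This cuts down noise from automated scans but does not hide the service from a full port scan, so treat it as a supplement to the settings that follow: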
# Replace with your chosen port
Port 38521
# Don't Forget: Update your firewall rules to allow connections on this new port.
Direct root logins via SSH are a major vulnerability. Disable them decisively:
PermitRootLogin no
Best Practice: Create a regular user account and use sudo for administrative tasks once connected.
Passwords are inherently less secure than SSH keys. Enable key-based authentication and turn off password logins:
PubkeyAuthentication yes
PasswordAuthentication no
Key Generation: If you haven't already, generate an SSH key pair on your client machine using the ssh-keygen command. Securely transfer your public key to the server, and confirm that key-based login works before you rely on PasswordAuthentication no.
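Fine-tune who can connect. Restrict SSH access to specific users or groups. If you set both directives, a user must match AllowUsers and also belong to one of the AllowGroups groups: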
AllowUsers john_admin sarah_dev
AllowGroups sysadmins
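For your changes to take effect, restart SSH. Keep your current session open until a new login succeeds, so a mistake does not lock you out. On Debian and Ubuntu the service unit is named ssh rather than sshd: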
sudo systemctl restart sshd
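The settings above can be checked mechanically before or after the restart. The script below is an added example, not part of the original article: it audits an sshd_config-style file against this article's recommendations. The function names and the sample file are made up for illustration, and it assumes upstream OpenSSH defaults for keywords that are missing.

```sh
# Added example, not from the original article. Assumptions: only the global
# section is read (parsing stops at the first Match block), Include files are not
# followed, and defaults for missing keywords are upstream OpenSSH's.

# first_value FILE KEYWORD: for single-valued keywords sshd keeps the first value
# it reads; keywords are case-insensitive, arguments are not.
first_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

report() {  # report PASS|FAIL MESSAGE; failures are counted in $fails
    printf '%-4s %s\n' "$1" "$2"
    [ "$1" = PASS ] || fails=$((fails + 1))
}

# expect FILE KEYWORD WANTED DEFAULT: compare the effective value with WANTED.
expect() {
    val=$(first_value "$1" "$2")
    if [ "${val:-$4}" = "$3" ]; then report PASS "$2 $3"
    else report FAIL "$2 is '${val:-$4}', want '$3'"; fi
}

# audit_sshd_config FILE: one line per check; returns the number of failures.
audit_sshd_config() {
    fails=0
    # Port lines accumulate (sshd listens on all of them), so collect every one.
    ports=$(awk 'tolower($1) == "match" { exit } tolower($1) == "port" { print $2 }' "$1")
    case " $(echo ${ports:-22}) " in
        *" 22 "*) report FAIL "listening on the default port 22" ;;
        *)        report PASS "Port $(echo $ports)" ;;
    esac
    expect "$1" PermitRootLogin no prohibit-password
    expect "$1" PubkeyAuthentication yes yes
    expect "$1" PasswordAuthentication no yes
    if [ -n "$(first_value "$1" AllowUsers)$(first_value "$1" AllowGroups)" ]
    then report PASS "AllowUsers/AllowGroups restricts logins"
    else report FAIL "no AllowUsers or AllowGroups restriction"; fi
    return "$fails"
}

# Constructed sample: the article's settings plus a later duplicate sshd ignores.
sample=$(mktemp)
printf '%s\n' 'Port 38521' 'permitrootlogin no' 'PasswordAuthentication no' \
    'PasswordAuthentication yes' 'AllowGroups sysadmins' > "$sample"
audit_sshd_config "${1:-$sample}"
rm -f "$sample"
```

Pass /etc/ssh/sshd_config as the first argument to audit the real file. This checks policy only; sudo sshd -t checks that the file parses.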
Important Reminders
You've done it! Your SSH server is now fortified against common attack vectors. Remember, security is an ongoing process. Stay informed and revisit your SSH configuration periodically to ensure it maintains its robust defenses. If you still need help, get in touch for a free technical consultation.