In today’s tutorial, we will be discussing on how to enhance the security of your Linux based VPS or dedicated server using SSH hardening methods.
SSH hardening helps your server to be less vulnerable to hacking and it increases the level of protection on your server.
Here are some tips:
TIP #1: Change the SSH Port
Default port to SSH service for every new Linux OS installation is 22. We would recommend changing this to a custom port that you can remember.
NOTE: The port you change the SSH Port to should be open. If you have any iptables or firewalld rules you should ensure that port is open and available. If you do not run a firewall on your VPS you do not need to worry about this.
Login to VPS/dedicated server, open the SSH configuration with editor of choice using below command, in this video we are using Vim as editor. You can alternatively use ‘nano’.
Here, uncomment the #Port 22 and and replace the port no of your choice which is open as below, in this example we will use port 1861.
TIP #2: Disable Root Login to your VPS
NOTE: You can only utilize this tip if you have a non-root user created on your server.
As above similarly, look for the parameter “PermitRootLogin”, as below screenshot:
Now to disable root login you need change the value of permit root login from Yes to no as below
TIP #3: Limit the Max Authentication method, open vi /etc/ssh/sshd_config and look for parameter, MaxAuthTries and MaxSessions:
Uncomment those lines and it should look like below,
After making the changes you wish to make, save the config file and restart the SSH daemon service using below command.
service sshd restart