When we talk about accessing servers remotely, the first thing that comes to our mind is SSH. It is a network protocol and a secured version of Telnet and encrypts the connection so others cannot access the information being transmitted.

With advancements in the technology world, hackers are becoming more sophisticated every day. Even your SSH connection is not secure if you are using the traditional or default installation settings. Therefore, it has become necessary to secure your SSH server from unwanted data breaches and malicious attacks by taking some crucial precautions.

In this article, we will introduce you to some important security practices which will help you in considerably increasing the level of SSH server security.

1. Use Strong Usernames and Passwords

If you are using an SSH exposed to the outside world then there are chances that you will face some login attempts from hackers. They use different advanced techniques to crack your SSH username and password. A strong password and username combination will help you in securing your server.

You can use a password generator to create a strong and random password. Also, do not use any common password sequence like asdf, 12345678, etc.

2. Avoid Using Port 22

Port 22 is a default port for SSH connections and every hacker trying to access your SSH server will first attack this port. Therefore changing the port will add an extra security layer to your SSH Connection and it will prevent automated attacks on the SSH server. Changing the port will also keep you off from hacking radars.

How to change the SSH port?

Follow the below steps to change the default 22 port:

  1. Open your /etc/ssh/sshd_config file.
  2. Add the following line to your file. Set any non standard port. 
    Port 20125
  3. Restart your SSHD service with the following command: 
    sudo systemctl restart sshd

Now the SSH server is listening on a new port.

3. Disable the Root Logins

Allowing direct login to root through SSH is one of the most common and dangerous security breaches. Hackers, with access to your root password, can damage your machine. Therefore it is recommended to disable root user login and use non-root user access instead for security purposes. You can use the ‘su-’ command to access the root privileges after disabling root logins.

How to disable the root user login?

Again you need to edit the sshd_config file or /etc/ssh/sshd_config file as all of your server settings are stored therein that file.

  1. Login as a root and open the sshd_config file.
  2. Look for #PermitRootLogin or PermitRootLogin yes in that file and change it to: 
    PermitRootLogin no
  3. Then add a user account that you’re gonna use to log in by writing ‘AllowUsers your_username’.
  4. Save the changes.
  5. Restart your SSHD without closing the current root session. 
    sudo systemctl restart sshd
  6. Then open a new terminal and check whether you can log in as the new user you added or not.
  7. After that, you can close the root session.
  8. You can now login as the user you added to have all the root privileges or you can use the ‘su’ command.

4. Use SSH Keys Instead of Passwords

You will use a strong password to secure your server but in some cases, passwords can be cracked or brute-forced. Therefore using an SSH Key login will add an extra layer to your server security.

In SSH key login, you create two keys one public and one private. The private key is associated with your main machine and the public key is installed on the server that you want to access remotely. You can make a connection between the source and destination server with the SSH key pair without using passwords. Once the SSH key pair is configured, you can disable the password login.

Use another tutorial to configure Key-based SSH on Linux.

How does SSH key login work?

Once you initiate a connection request, the server will create an encrypted message by using the public key stored on it. This message will be transmitted to your primary device and the private key will unencrypt the message. Once the message is unencrypted, the primary device will send a confirmation message to the remote server to establish the connection.

5. Disable Empty Passwords

Linux allows users to create empty passwords and allowing empty password login to the server will expose your server to vulnerable cyber attacks. So make sure you disable empty passwords.

How to disable Empty Passwords?

  1. Open the sshd_config file.
  2. Find PermitEmptyPasswords and replace the ‘no’ value with ‘yes’. 
    3. PermitEmptyPasswords  no
  3. Restart the sshd.

This will disable Empty Password login to your server.

Conclusion

Cyber attacks are increasing at an alarming rate and it is a strong security practice to add security layers to your IT environment no matter you are working on a virtual machine or building a server. Implementing the above practices will robust your working environment and it will help you in preventing potential cyberthreats.

, , ,
Show Comments