Securing remote SSH is important. Using the default installation for SSH can have its own downfalls when it comes to security. When running an SSH server, there are a few easy steps that will considerably increase the installation?s level of security.
Here is steps you need to follow in order to securing remote SSH.
1. Strong Password
A strong password will help win the fight against an attack. Please take a note not to use standard password.
2. Disable Root login
To disable your Root Logins, you?ll need to edit the SSHD configuration file. All your SSH server settings are stored in the /etc/ssh/sshd_config file.
To disable logging in through SSH as root, change the line to this:
PermitRootLogin no
Then restart your SSHD service by entering one of the following commands:
/etc/init.d/sshd restart
3. Disable Empty Password
You need to prevent remote logins from accounts with empty passwords for added security. Open your /etc/ssh/sshd_config file and update the following line:
PermitEmptyPasswords no
4. Configure Idle Timeout
To avoid having an unattended SSH session, you can set an Idle timeout interval. Open your /etc/ssh/sshd_config file and add the following line:
ClientAliveInterval 360
ClientAliveCountMax 0
5. Using Another Port
You can choose any unused port as long as it?s not used by another service. To change your port, open your /etc/ssh/sshd_config file and add the following lines:
Port 2025
Then restart your SSHD service by entering one of the following commands:
/etc/init.d/sshd restart
6. Using Public/Private Keys Authentication
Public/Private Keys authentication is certainly more secure and a much better solution than password authentication. The Private Key is stored on the computer you login from, while the public key is stored on the .ssh/authorized_keys file on each computer you want to login to.
Here?s how to create a public/private key pair and install them for use on your SSH server:
- Start by generating your key-pair, a public key and a private key. The public key will be placed on the server and you will login with your private key (this needs to be performed on each client machine from which you connect):
ssh-keygen -t rsa
- Copy the public key (id_rsa.pub) to the server and path ~/.ssh/authorized_keys
- Set permission for authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Now try to login with Private Key.