14 Jun 2019

Security Harden Ssh

This is a quick guide on hardening sshd on a server.

I like ‘vim’ as my editor, but you can use vi or nano. If you don’t know what I’m talking about, use ‘nano’.

Open the sshd config in your editor of choice: vim /etc/ssh/sshd_config. We will mostly be removing the comment character # from the beginning of a line and then changing the value where needed.

Disallow Root Login

Find the line #PermitRootLogin no and change it to:

PermitRootLogin no

Disallow Password Logins

Find the line #PasswordAuthentication yes and change it to:

PasswordAuthentication no

Restrict Users

Find the line #AllowUsers, or create it if it doesn’t exist, and change it to:

AllowUsers your-user-name

Change Port

If you choose to use a different port, find the line #Port 22 and change it to:

Port number-you-want

Then save the file (:wq in vim) and restart sshd: sudo systemctl restart sshd.
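
A quick way to confirm the edits actually took effect, as an added example that is not part of the original post: the script below reports which of the four settings above are still not in force, including the two easy mistakes of leaving the # in place or adding a new line below an older one (sshd uses the first value it reads for a keyword). The function names and the sample config are constructed for illustration, and it assumes plain "Keyword value" lines with no Include files.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file for
# the four settings in this guide. Assumes "Keyword value" lines; Include
# files and Match blocks are not evaluated.

# Print the first uncommented value of KEYWORD in FILE (nothing if absent).
# sshd keywords are case-insensitive and the first value obtained wins.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # still commented out: not in effect
        tolower($1) == "match" { exit }      # only global settings are checked
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

bad() { echo "FINDING: $1"; findings=$((findings + 1)); }

# Print one line per deviation from the guide; return the number found.
audit_sshd() {
    findings=0
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    users=$(effective_value "$1" AllowUsers)
    port=$(effective_value "$1" Port)
    [ "$root" = "no" ] || bad "PermitRootLogin is '${root:-unset}', expected 'no'"
    [ "$pass" = "no" ] || bad "PasswordAuthentication is '${pass:-unset}', expected 'no'"
    [ -n "$users" ] || bad "AllowUsers is not set, logins are not limited to named users"
    if [ -n "$port" ]; then
        case "$port" in
            *[!0-9]*) bad "Port '$port' is not a number" ;;
            *) { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || bad "Port $port is out of range" ;;
        esac
    fi
    return "$findings"
}

# Constructed sample: the # was left on PermitRootLogin, and the new
# PasswordAuthentication line was appended below an existing "yes".
sample_config() {
    printf '%s\n' '#PermitRootLogin no' 'PasswordAuthentication yes' \
        'Port 2222' 'PasswordAuthentication no'
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd "$tmp" || echo "$? finding(s)"
rm -f "$tmp"
```

Running sudo sshd -t before the restart checks the edited file for syntax errors, and keeping your current session open until a new login succeeds avoids locking yourself out.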