When using a Linux server, the SSH protocol is one of the most important components, because it lets us access the server remotely to manage data. Typically, we will access SSH with root privileges, meaning the highest privileges.
Therefore, to help make the server more secure, we should apply SSH access security measures to minimize the risk of intrusion.
In this article, AZDIGI will introduce and guide you through some simple but necessary ways to secure SSH on your server. Let’s continue with part II.
II. Methods to improve SSH security
In this article, AZDIGI will guide you through 10 basic SSH security methods. Please follow along.
Method 1: Set a complex password
One of the most effective and simplest security measures is to use a complex password for your VPS. Some VPS providers send customers simple passwords with only a few characters. With such a simple password, hackers can easily perform a brute force attack and damage your VPS during use.
For passwords, you should avoid meaningful formats (e.g., a name or phrase) and instead combine uppercase letters, lowercase letters, numbers, and special characters, with a length of 16-18 characters. You can use offline password generators to create random passwords, and remember to store these passwords securely.
Here is an example of a password format to use: &gIQlGwL088lMw@$tAD0A
In addition, you can make a habit of changing passwords regularly, perhaps once every 2-3 weeks, so that leaked old information and old passwords found by hackers are no longer usable.
To change the password, you can SSH into the VPS, enter the passwd command, and then enter a new password.
Method 2: Disable empty password mode
This setting helps prevent SSH login from users without a password. To set this up, you need to edit the file at the path below:
vi /etc/ssh/sshd_config
And add the following line:
PermitEmptyPasswords no
Method 3: Configure Idle Timeout Interval
This setting automatically logs a user out of the VPS after a set period of inactivity. To set this up, you need to edit the file at the path below:
vi /etc/ssh/sshd_config
And add the following 2 lines:
ClientAliveInterval 360
ClientAliveCountMax 0
Note that since OpenSSH 8.2, ClientAliveCountMax 0 disables connection termination entirely, so check how your OpenSSH version behaves after applying this setting.
Method 4: Change the SSH Port
This is one of the most effective and recommended methods when using and administering a VPS. You can refer to the detailed instructions and how to perform this method at the link below:
Method 5: Use SSH Proxy
This method may be a bit longer but it is quite effective. You can refer to the detailed instructions and how to perform this method at the link below:
Method 6: Use Google Authenticator two-step authentication
With this method, you can refer to the detailed instructions and how to perform this method at the link below.
Method 7: Use Public/Private Keys
With this method, you can refer to the detailed instructions and how to perform this method at the link below:
Method 8: Specify which user is allowed to SSH
vi /etc/ssh/sshd_config
Then add the following line:
AllowUsers user1 user2
This line means that only user1 and user2 are allowed to SSH into the VPS. After making adjustments, you can restart the sshd service with the command:
systemctl restart sshd
Method 9: Disable root user login for SSH
vi /etc/ssh/sshd_config
Find and edit the following line:
#PermitRootLogin yes => PermitRootLogin no
Once finished, restart the sshd service with the command:
systemctl restart sshd
Method 10: Use only SSH Protocol 2
SSH supports connections through both Protocol 1 and 2. However, Protocol 1 is old and less secure, so we should disable Protocol 1. You can adjust this by editing the file:
vi /etc/ssh/sshd_config
Find and edit the following line:
#Protocol 2, 1 => Protocol 2 (If the line is not there, just add it)
After making adjustments, you can restart the sshd service with the command:
systemctl restart sshd
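To confirm that the edits from Methods 2, 3, 8 and 9 are really in effect, the following added example (not part of the original article or AZDIGI's tooling) audits an sshd_config file. The function names effective_value, check and audit_sshd_config are hypothetical, the sample config is constructed, and only the global section of the file is read.

```shell
#!/bin/sh
# Added example, not AZDIGI's code. sshd keeps the FIRST value it reads for a
# keyword, keywords are case-insensitive, and a commented-out line leaves the
# built-in default active.

# effective_value FILE KEYWORD DEFAULT: first uncommented global value, else DEFAULT
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }   # global section only, Match blocks skipped
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# check FILE KEYWORD DEFAULT WANTED: print an OK or FAIL line for one keyword
check() {
    v=$(effective_value "$1" "$2" "$3")
    if [ "$v" = "$4" ]; then echo "OK   $2 $v"
    else echo "FAIL $2 is '$v', article recommends '$4'"; fi
}

# audit_sshd_config FILE: Methods 2, 3, 8 and 9. The defaults passed below are
# assumed to be those of current OpenSSH releases.
audit_sshd_config() {
    check "$1" PermitEmptyPasswords no no
    check "$1" PermitRootLogin prohibit-password no
    users=$(effective_value "$1" AllowUsers "")
    if [ -n "$users" ]; then echo "OK   AllowUsers $users"
    else echo "FAIL AllowUsers not set, no per-user restriction"; fi
    idle=$(effective_value "$1" ClientAliveInterval 0)
    if [ "$idle" != 0 ]; then echo "OK   ClientAliveInterval $idle"
    else echo "FAIL ClientAliveInterval is 0, no timeout configured"; fi
}

# Constructed sample: PermitRootLogin set twice (the first line wins) and the
# timeout only present as a comment.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#PermitEmptyPasswords no
PermitRootLogin yes
PermitRootLogin no
AllowUsers user1 user2
#ClientAliveInterval 360
EOF
audit_sshd_config "$sample"
```

On a live server, sshd -T prints the configuration the daemon will actually use, and sshd -t validates the file before you run systemctl restart sshd.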
III. Summary
Thus, in this article, AZDIGI introduced you to some ways to secure SSH that are extremely simple but quite effective. If you know of any other, better security measures, please leave a comment for everyone to refer to.