Home Linux Server Security-enhancing methods for SSH that you should know

Security-enhancing methods for SSH that you should know

by Thạch Phạm
Published: Last Updated on
A+A-
Reset

For using a Linux server, the SSH protocol is one of the most important components that we can use to access the server remotely to manage data. Typically, we will access SSH with root privileges, meaning the highest privileges.

Therefore, to help make the server more secure, we should apply SSH access security measures to minimize the risk of intrusion.

In this article, AZDIGI will introduce and guide you through some necessary simple ways to secure SSH on your server. Let’s continue with part II.

II. Methods to improve security when SSH

In this article, AZDIGI will guide you through 10 basic SSH security methods, please follow along.

Method 1: Set a complex password

One of the most effective and simplest security measures is to use a complex password for your VPS. Some VPS providers sometimes use simple and few-character passwords to send to customers. With such a simple password, hackers can easily perform a brute force attack and damage your VPS during use.

For passwords, you should avoid meaningful password formats (e.g., name or phrase) and instead use a format with special characters (including uppercase letters, lowercase letters, numbers, and special characters) and have a character count of 16-18 characters. You can use offline password generators to create random passwords and remember to store these passwords securely.

Here is an example of a password format to use: &gIQlGwL088lMw@$tAD0A

In addition, you can make a habit of changing passwords regularly, perhaps once every 2-3 weeks, to avoid leaked old information and hackers finding old passwords.

To change the password, you can SSH into the VPS and enter the passwd command and enter a new password as shown below:

Security-enhancing methods for SSH

Method 2: Disable empty password mode

This setting helps prevent SSH login from users without a password. To set this up, you need to edit the file at the path below:

AZDIGI Tutorial
vi /etc/ssh/sshd_config
    

And add the following line:

PermitEmptyPasswords no
Security-enhancing methods for SSH

Method 3: Configure Idle Timeout Interval

This function means that you will set a certain time for the user on VPS if nothing will automatically log out. To set this up, you need to edit the file at the path below:

AZDIGI Tutorial
vi /etc/ssh/sshd_config
    

And add to the following 2 lines:

ClientAliveInterval 360
ClientAliveCountMax 0
Security-enhancing methods for SSH
So that means that if there is no activity for 360 seconds (6 minutes), the user will be automatically logged out.

Method 4: Change the SSH Port

This is one of the most effective and recommended methods when using and administering a VPS. You can refer to the detailed instructions and how to perform this method at the link below:

Method 5: Use SSH Proxy

This method may be a bit longer but it is quite effective. You can refer to the detailed instructions and how to perform this method at the link below:

Method 6: Use Google Authenticator two-step authentication

With this method, you can refer to the detailed instructions and how to perform this method at the link below.

Method 7: Use Public/Private Keys

With this method, you can refer to the detailed instructions and how to perform this method at the link below:

Method 8: Specify which user is allowed to SSH

AZDIGI Tutorial
vi /etc/ssh/sshd_config
    

Then add the following line:

AllowUsers user1 user2
Security-enhancing methods for SSH
Remember to replace user1, user2 with your own username.

This line means that only user1, user2 are allowed to SSH into the VPS. After making adjustments, you can restart the sshd service with the command:

AZDIGI Tutorial
systemctl restart sshd
    

Method 9: Disable root user login for SSH

AZDIGI Tutorial
vi /etc/ssh/sshd_config
    

Find and edit the following line:

#PermitRootLogin yes     =>    PermitRootLogin no
Security-enhancing methods for SSH

Once finished, restart the sshd service with the command:

AZDIGI Tutorial
systemctl restart sshd
    

Method 10: Use only SSH Protocol 2

SSH supports connections through both Protocol 1 and 2. However, Protocol 1 is old and less secure, so we should disable Protocol 1. You can adjust this by editing the file:

AZDIGI Tutorial
vi /etc/ssh/sshd_config
    

Find and edit the following line:

#Protocol 2, 1      =>    Protocol 2  
(Nếu không có các bạn thêm vào là được nhé)
Security-enhancing methods for SSH

After making adjustments, you can restart the sshd service with the command:

AZDIGI Tutorial
systemctl restart sshd
    

III. Summary

Thus, in this article, AZDIGI introduced you to some ways to secure SSH is extremely simple but brings a quite high efficiency. If you have any other better security, please leave a comment for everyone to refer to.

If you need assistance, you can contact support in the ways below:

Đánh giá

Tham gia nhóm hỗ trợ Server - Hosting

Tham gia nhóm Hỗ trợ Server - Hosting & WordPress để cùng nhau hỏi đáp và hỗ trợ các vấn đề về WordPress, tối ưu máy chủ/server.

Tham gia ngay

Bài viết cùng chuyên mục

AZDIGI – Không chỉ là đơn vị hàng đầu trong lĩnh vực Web Hosting và Máy chủ, chúng tôi mong muốn mang lại những kiến thức bổ ích nhất và luôn cập nhật thường xuyên cho cộng đồng người đam mê thiết kế website, công nghệ,…

Vui lòng không sao chép nội dung nếu chưa xin phép. Designed and Developed by PenciDesign