Different methods of securing your Linux Server via ssh

Different methods of securing your Linux Server via ssh

Securing your server helps to to keep it safe and Secured against security threats from Attackers.

Here at Fixwebnode, as part of our Server Management Services, we regularly help our customers to enhance the security of their Server.

In this context, we shall look into the different methods of securing your Server.

 

More about securing your Linux Server via ssh?

With the SSH protocol, remote login within and between computer servers are secured through a Secure Shell.

A  server needs to be secured so as to strengthen the authentication as well as protecting the security for communications and with an enhanced encryption. 

Accessing a server via SSH protocol is more secured that using non-protected login protocols such as FTP, Telnet and RLogin.

Sometimes some Linux users often see the following warning message on a freshly deployed Server;

Last failed login: Mon May 21 11:51:07 CEST 2020 from 200.12.0.126 on ssh:notty
There were 800 failed login attempts since the last successful login.

This shows that there were multiple attacks launched by an attacker against your server.

Now let us see the different ways to secure a Server in order to prevent any security vulnerability.

 

Methods applied to secure Server via SSH

i. Modifying the default SSH port

Changing the default port of your SSH access will help to minimize attacks on your server. The default port for SSH access is 22.

Lets say you want to change it to 9022, use the following command to edit the ssh configuration file "sshd_config";

$ nano /etc/ssh/sshd_config

In this file, scroll down to where port 22 is located and uncomment the line.

Change the port to your proposed one and save the file. 

To effect changes, exit this file and restart the sshd service with the command below;

$ systemctl restart sshd

Now you can verify the port assigned to SSH with the command below;

$ netstat -ntulp | grep ssh

You can now connect with the new port when next you try to connect to your server via an SSH client such as putty with the command below;

$ ssh root@ip_address  -p9022

ii. SSH Access Restriction using iptables

To improve security of your Server, you can restrict the connection to SSH to use your IP address as authorized by you. 

Lets say your server IP address is "101.291.002.001", you can run the command below;

$ iptables -A INPUT -p tcp -m tcp --dport 9022 -s 101.291.002.001 -j ACCEPT

If you want to disable SSH connection from all other hosts, you can use the command below;

$ iptables -A INPUT -p tcp -m tcp --dport 9022 -m state --state NEW -j DROP

Now to save this new rule, run the command below;

iptables-save > /etc/sysconfig/iptables

iii. Improving Security of your Server by disabling password based logins on your server

So you know that password authentication to your Server via SSH poses a big security issue if the password is a weak one? It is better to generate SSH keys for SSH authentication.

Therefore, you can disable the server password by editing the sshd configuration file of your server with the following command;

$ nano /etc/ssh/sshd_config

You will see an output such as this;

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no

You can see that we changed the last line to "PasswordAuthentication no".

Note: Before implementing this changes, ensure that you have created an SSH key for your Server! 

Now you can restart the sshd service to effect changes you made to the configuration. Use the command below;

$ systemctl restart sshd

Now your server will be secured  and safe from hackers and Attackers.

 

Need support in Securing your Ubuntu, CentOS and Debian Server? We are available to help you today.

 


Conclusion

Steps to secure your Linux Server via SSH protocol. This article will take you through some key steps to help you secure your Server via SSH protocol.


icon

Sign up to our Newsletter

...and get one free support ticket.