Securing SSH in Ubuntu

This article shows the basic configuration to set up a more secure SSH server on Ubuntu. It should be applicable to all versions of Ubuntu.

Requirements

An SSH server should be installed and running. If not, run the following:
apt-get install ssh
This will install the OpenSSH client and server. Open the sshd configuration file, located at /etc/ssh/sshd_config in Ubuntu, using your favourite editor:
vi /etc/ssh/sshd_config
1. The vast majority of SSH attacks are directed by zombie machines at SSH servers listening on the default port, 22, so changing this number can minimise the attacks on your server.
#Port 22
Port 2233
2. There is no good reason for root to be allowed to log in directly. If you need root access, log in as a normal user and use su to switch to the root account.
#PermitRootLogin yes
PermitRootLogin no
3. Reduce the maximum amount of time allowed to log in successfully before the server disconnects. 30 seconds should be enough for legitimate users to log in to a system.
#LoginGraceTime 120
LoginGraceTime 30
4. Limit the maximum number of invalid login attempts before disconnecting, for extra security.
#MaxAuthTries 6
MaxAuthTries 2
5. By default, sshd allows all users to log in to the system. You can restrict SSH logins to a list of specific users ( * stands for everything ).
AllowUsers trevor yijie eric*
Save the file and exit the vi editor by typing the vi command
:wq
Now restart the SSH server (on Ubuntu the service and its init script are named ssh)
/etc/init.d/ssh restart
Please note that you will need root access to do the above operations.
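A check to run after editing and before restarting, given here as an added example that is not part of the original article: it reads the value sshd will actually use for each of the five settings above and reports any that are weaker than the values in the steps. The function names effective_value and audit_sshd are hypothetical, the thresholds are the ones from this article, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. sshd uses the first value it
# reads for a single-valued keyword, so adding "PermitRootLogin no" below an
# active "PermitRootLogin yes" changes nothing.

# effective_value FILE KEYWORD: first active value before any Match block.
# Simplifications: whitespace-separated lines, Include files not followed,
# and only the first Port line is examined.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        tolower($1) == "match"   { exit }   # stop at conditional blocks
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE: print one line per finding; exit status 1 if any, else 0.
audit_sshd() {
    f=$1; bad=0
    port=$(effective_value "$f" Port)
    root=$(effective_value "$f" PermitRootLogin)
    grace=$(effective_value "$f" LoginGraceTime)
    tries=$(effective_value "$f" MaxAuthTries)
    users=$(effective_value "$f" AllowUsers)
    [ "${port:-22}" != 22 ] || { echo "Port: still 22"; bad=1; }
    [ "$root" = no ] || { echo "PermitRootLogin: '${root:-unset}', want no"; bad=1; }
    case $grace in
        ''|*[!0-9]*) echo "LoginGraceTime: '${grace:-unset}', want seconds <= 30"; bad=1 ;;
        *) [ "$grace" -le 30 ] || { echo "LoginGraceTime: $grace > 30"; bad=1; } ;;
    esac
    case $tries in
        ''|*[!0-9]*) echo "MaxAuthTries: '${tries:-unset}', want <= 2"; bad=1 ;;
        *) [ "$tries" -le 2 ] || { echo "MaxAuthTries: $tries > 2"; bad=1; } ;;
    esac
    [ -n "$users" ] || { echo "AllowUsers: unset, every account may log in"; bad=1; }
    return $bad
}

# Constructed sample: the new line was appended without disabling the old one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2233
PermitRootLogin yes
LoginGraceTime 30
MaxAuthTries 2
AllowUsers trevor yijie eric*
PermitRootLogin no
EOF
audit_sshd "$sample" || echo "sample config needs attention"
rm -f "$sample"
```

To check the real file, call audit_sshd /etc/ssh/sshd_config; running sshd -t as root additionally catches syntax errors before the restart.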
