First step: Secure your SSH

Posted on July 7, 2016 by Usman Nasir

Table of Contents

  • SSH Protocol
  • SSH Port
  • Disable Root Login
  • Disable authentication using password!

One of the first steps towards securing your server is to limit the attack points, as I already mentioned here. However, SSH is one of the most important services if you are managing your server remotely, so you can shut this service down only if you can access your machine physically.

The first good thing that you can do regarding SSH is to enable passwordless authentication.

  • Password less SSH authentication using public/private keys

SSH Protocol

The first thing you need to check with your SSH is the protocol you are currently using. There are currently two protocols:

  • Protocol 1
  • Protocol 2

Most Linux distributions nowadays ship with Protocol 2 already enabled (which is what we actually want); however, you can use the command below to check which protocol you are using:

grep Protocol /etc/ssh/sshd_config

It will print either Protocol 1 or Protocol 2. If it is Protocol 2, then you are good to go.

If not, you can use your favorite editor to edit the file. I will use the vi editor and run the following command:

vi /etc/ssh/sshd_config

Now find the line which says

Protocol 1

and change it to Protocol 2, then restart your SSH service using:

service sshd restart

Now you are on Protocol 2 and good to go.

SSH Port

Ports are like doors to a home: they are the open gates on your server. By default SSH works on port 22, so if someone is trying to access or hack your server, they will connect to SSH port 22. Changing your port may not protect you from all hacking attempts, since port scanning can be used to map your open ports. However, it will make it a little harder for the hacker, so let's find out what port SSH is currently listening on (if you have not changed it, then most probably it will be 22).

grep Port /etc/ssh/sshd_config

Change port

To change your SSH port, you again need to modify the same file. Find these lines

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

and change them to

Port 5550
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Your new SSH port will be 5550. Now, when connecting to your SSH, you need to use the -p flag to specify the custom port, using the command below:

ssh -p 5550 root@192.168.1.5

Disable Root Login

Don’t disable root login if you don’t have any other user on your machine yet. First make sure that you have another user on your machine that can access SSH.

Then you can edit the same file: find the line PermitRootLogin yes and change it to PermitRootLogin no.

Disable authentication using password!

If you already have passwordless authentication in place, as I mentioned at the start of this post, then there is no point in allowing login via password; you can stop authentication using password altogether.

Find the line PasswordAuthentication yes and change it to PasswordAuthentication no.

Please note that if you do not have passwordless authentication in place and you disable access through password, you might be locked out of your machine if you cannot access it physically, so make sure before making this change.
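
The four settings above can be checked in one pass. The script below is an added example, not part of the original post: it reads an sshd_config the way sshd does (comments ignored, keywords case-insensitive, first occurrence wins), which a plain grep does not. The function names, the sample file and the fallback values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the sshd_config options covered in this post.
# Assumptions: keyword and value are whitespace-separated; Include files and
# Match blocks are not evaluated; the fallback values are illustrative.

# effective FILE KEYWORD DEFAULT
# Print the value sshd would use: the first uncommented occurrence wins,
# keywords are case-insensitive, and "#Port 22" is a comment, not a setting.
effective() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/                   { next }   # commented-out line
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: return 0 only if the file matches the post's advice.
audit_sshd() {
    cfg=$1; rc=0
    proto=$(effective "$cfg" Protocol 2)
    root=$(effective "$cfg" PermitRootLogin unset)
    pass=$(effective "$cfg" PasswordAuthentication yes)
    [ "$proto" = 2 ] || { echo "FAIL Protocol is $proto, want 2"; rc=1; }
    [ "$root" = no ] || { echo "FAIL PermitRootLogin is $root, want no"; rc=1; }
    [ "$pass" = no ] || { echo "FAIL PasswordAuthentication is $pass, want no"; rc=1; }
    echo "INFO Port is $(effective "$cfg" Port 22)"
    return $rc
}

# Constructed sample config (not from a real host). The duplicate
# PasswordAuthentication line shows why "first occurrence wins" matters.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#Port 22
Port 5550
Protocol 2
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
EOF

audit_sshd "$sample" || echo "audit failed: fix the settings above"
```

On a live server, sshd -T (run as root) prints the effective configuration, and sshd -t checks the file for errors before you restart the service.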
