Setup SSH security on a Linux machine

Enable key-based authentication

First, enable key-based authentication. It is much more secure than using passwords. Find out how to do so here:

Enabling SSH key-based authentication on a Linux machine
It is recommended to use key-based authentication over passwords. Generating a key pair on your local machine: we need a public-private key pair to authenticate with the server. If you have one already, skip this step. If not, enter the following command to generate a key pair: ssh-keygen -t ed25…

Disable password authentication and SSH as root

Open the config file with sudo nano /etc/ssh/sshd_config and find the following lines. If they are commented out with a #, un-comment them by deleting the # and ensure they have these values. If any of these lines doesn't exist in your file, add it to the end of the file.

PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Reload the SSH service

sudo /etc/init.d/ssh reload

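Finally, test the config by trying to SSH from a machine with no authorized key. Normally, if no key is detected, you will be prompted for a password, but in our case the server should deny access. Keep your current session open while you test, so you can still fix the config if key-based login does not work.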

Change the SSH port

Open the config file with sudo nano /etc/ssh/sshd_config and find this line. Normally it would be commented out like this:

#Port 22

Un-comment the line and change the port to something else, e.g.

Port 6543

Reload the SSH service

sudo /etc/init.d/ssh reload

Test your new config:

ssh user@host -p 6543
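
Added example (not part of the original article): sshd uses the first value it finds for each keyword, and lines after a Match line apply only to that block, so a setting appended to the end of the file can be silently ignored. This script reports what the global section of a config file actually sets for the directives above; the function names and the sample file are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines and does not follow Include files.

```shell
# Added example, not from the original page. Function names and the sample
# file are constructed. Assumes "Keyword value" lines; Include is not followed.

# effective_value FILE KEYWORD -> value set in FILE's global section, if any
effective_value() {
  awk -v want="$2" '
    /^[ \t]*(#|$)/ { next }                 # commented or blank: ignored
    { key = tolower($1) }                   # keywords are case-insensitive
    key == "match" { exit }                 # Match blocks are conditional
    key == tolower(want) { print $2; exit } # first occurrence wins
  ' "$1"
}

# audit_sshd FILE [PORT] -> one line per directive, status 1 on any mismatch
audit_sshd() (
  rc=0
  while read -r kw want; do
    got=$(effective_value "$1" "$kw")
    if [ "$got" = "$want" ]; then echo "ok    $kw $got"
    else echo "FAIL  $kw: found '${got:-<not set>}', wanted '$want'"; rc=1
    fi
  done <<EOF
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
Port ${2:-6543}
EOF
  exit "$rc"
)

# Constructed sample showing two ways an edit silently has no effect:
# an earlier uncommented line wins, and the appended line lands in a Match block.
write_sample() {
  cat > "$1" <<'EOF'
Port 6543
PermitRootLogin no
PasswordAuthentication yes
#UsePAM no
ChallengeResponseAuthentication no
Match User backup
    PermitRootLogin yes
PasswordAuthentication no
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_sshd "$sample" || echo "fix the FAIL lines, then validate with: sshd -t"
rm -f "$sample"
```

On a real host, run audit_sshd /etc/ssh/sshd_config before reloading the service; sshd -T (as root) prints the configuration sshd will actually use, including any Include files.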