TRENDING
  • Linux
  • Shell Script
  • Cloud
  • DevOps
  • About US
SUBSCRIBE
  • CLOUD
  • DEVOPS
  • LINUX
  • SHELL SCRIPT
Reading: How to Harden and Secure SSH on Ubuntu / AlmaLinux / Rocky Linux
Share
TechBrownTechBrown
Aa
  • CLOUD
  • DEVOPS
  • LINUX
  • SHELL SCRIPT
Search
  • CLOUD
  • DEVOPS
  • LINUX
  • SHELL SCRIPT
Follow US
© 2014 - 2022 TechBrown. All Rights Reserved.
Linux

How to Harden and Secure SSH on Ubuntu / AlmaLinux / Rocky Linux

July 3, 2017
Share
3 Min Read
SHARE
Contents
Tip 1 : Enable Firewall To Protect the SSH Ports.Tip 2 : Enable SSH Key based authentication instead of password based authentication.Tip 3 : Harden your sshd configuration file.Tip 4 : Integrate Advanced Diffie-Hellman Key based algorithm to secure SSH.Tip 5 : Limit SSH Brute-force attack using Fail2ban.

The SSH plays most important role when perform any remote login to any Linux server. That’s why it is the first targeted method by any hacker to compromise a Linux server. First step that is performed by any sysadmins or DevOps engineer is to harden SSH to secure it from external attacks and hackers. This tutorial explains you how to secure AlmaLinux / Rocky Linux / Amazon Linux SSH servers using SSH Hardening Tips.

Tip 1 : Enable Firewall To Protect the SSH Ports.

First of all You need to integrate the firewall to protect your SSH Port using UFW firewall and Firewalld firewall.

Tip 2 : Enable SSH Key based authentication instead of password based authentication.

Secondly you need to enable the key based SSH authentication to protect your SSH servers.

Tip 3 : Harden your sshd configuration file.

Then Edit your SSH configuration file.

# vim /etc/ssh/sshd_config

After that Find the given lines

PermitRootLogin yes
PasswordAuthentication yes
AllowTcpForwarding YES
ClientAliveCountMax 3
Compression DELAYED
LogLevel INFO
MaxAuthTries 6
MaxSessions 10
Port 22
TCPKeepAlive YES
UsePrivilegeSeparation YES
X11Forwarding YES
AllowAgentForwarding YES

As soon as Change it to

PermitRootLogin no
PasswordAuthentication no
AllowTcpForwarding NO
ClientAliveCountMax 2
Compression NO
LogLevel VERBOSE
MaxAuthTries 2
MaxSessions 2
Port 3526
TCPKeepAlive NO
UsePrivilegeSeparation SANDBOX
X11Forwarding NO
AllowAgentForwarding NO

Finally Restart the SSH services to apply the changes.

# systemctl restart sshd

Tip 4 : Integrate Advanced Diffie-Hellman Key based algorithm to secure SSH.

Firstly Integrate Advanced Diffie-Hellman key based algorithm to enhance the security of SSH server.

Tip 5 : Limit SSH Brute-force attack using Fail2ban.

Secondly Limit SSH Brute-force attack using Fail2ban.
Install Fail2ban on Ubuntu / Debian based distribution,

# apt install fail2ban -y

Install Fail2ban on Alma / Rocky / Amazon Linux based distribution.

Note: you need to install EPEL repository first before proceeding to the given steps.

# yum install fail2ban -y

Enable the fail2ban on Linux distribution.

# cp -rv /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Start the fail2ban services to apply the changes.

# systemctl start fail2ban

Congratulations now you have harden and secure the SSH on Ubuntu and AlmaLinux / Rocky Linux / Amazon Linux.

You Might Also Like

How to Optimize MySQL Performance on AlmaLinux / Rocky Linux

How to Enable TLS 1.3 on Apache and Nginx

5 Security Tips to Protect your WordPress Website from Hackers

How to Enable AES-128 Bit SSL Cipher with TLS 1.3 on Nginx Web Server

How to Set Up NGINX Web Server on AlmaLinux / Rocky Linux

Sign Up For Newsletter

Be keep up! Get the latest articles delivered straight to your inbox.

TechBrown Solutions July 3, 2017
Share this Article
Facebook TwitterEmail Print
Share
Leave a comment Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

TRENDING

Linux

5 Security Tips to Protect your WordPress Website from Hackers

Linux

How to Install Bitdefender Antivirus Scanner on Ubuntu / Debian

Linux

How to Install Sphinx-Doc on Ubuntu / AlmaLinux / Rocky Linux

Linux

How to Configure Squid Proxy Server on AlmaLinux / Rocky Linux

You Might Also Like

Linux

How to Optimize MySQL Performance on AlmaLinux / Rocky Linux

October 19, 2021
Linux

How to Enable TLS 1.3 on Apache and Nginx

March 14, 2021
Linux

5 Security Tips to Protect your WordPress Website from Hackers

November 8, 2020
Linux

How to Enable AES-128 Bit SSL Cipher with TLS 1.3 on Nginx Web Server

November 7, 2020

Always Stay Up to Date

Subscribe to our newsletter to get our newest articles instantly!

Follow US on Social Media

Facebook Twitter Youtube Rss

© 2014 - 2022 Techbrown. All Rights Reserved.

  • About Us
  • Terms of Service
  • Cookie Policy
  • Privacy Policy
By using this site, you agree to the Privacy Policy, Cookie Policy and Terms of Service.
Accept

Removed from reading list

Undo
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?