How to Harden SSH to Secure a Linux VPS Server

SSH plays the most important role in any remote login to a Linux server, which is why it is the first method attackers target when trying to compromise one. Hardening SSH against external attacks is therefore one of the first steps a sysadmin or DevOps engineer performs. This tutorial explains how to secure Linux SSH servers using the hardening tips below.

Tip 1 : Enable Firewall To Protect the SSH Ports

Protect your SSH port with a firewall, using either iptables or UFW.

Tip 2 : Enable SSH Key based authentication instead of password based authentication

First of all, enable key-based SSH authentication to protect your SSH servers.

Tip 3 : Harden your sshd configuration file

Edit your SSH configuration file

# vi /etc/ssh/sshd_config

Find the following lines:

PermitRootLogin yes
PasswordAuthentication yes
AllowTcpForwarding yes
ClientAliveCountMax 3
Compression delayed
LogLevel INFO
MaxAuthTries 6
MaxSessions 10
Port 22
TCPKeepAlive yes
UsePrivilegeSeparation yes
X11Forwarding yes
AllowAgentForwarding yes

Change them to:

PermitRootLogin no
PasswordAuthentication no
AllowTcpForwarding no
ClientAliveCountMax 2
Compression no
LogLevel VERBOSE
MaxAuthTries 2
MaxSessions 2
Port 3526
TCPKeepAlive no
UsePrivilegeSeparation sandbox
X11Forwarding no
AllowAgentForwarding no

Restart the SSH services to apply the changes.

# systemctl restart sshd

OR

# service sshd restart
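
To confirm that the server really ended up with the values listed above, the effective configuration printed by `sshd -T` can be audited. The script below is an added example, not part of the original tutorial; the function name `audit_sshd` and the sample dump are constructed for illustration, and `UsePrivilegeSeparation` is omitted because OpenSSH 7.5 and later deprecate it.

```shell
#!/bin/sh
# Added example (not from the original article): audit `sshd -T` output
# against the Tip 3 values. UsePrivilegeSeparation is omitted because
# OpenSSH 7.5 and later deprecate it.
EXPECTED="permitrootlogin=no passwordauthentication=no allowtcpforwarding=no
clientalivecountmax=2 compression=no loglevel=verbose maxauthtries=2
maxsessions=2 port=3526 tcpkeepalive=no x11forwarding=no
allowagentforwarding=no"

# audit_sshd: reads "keyword value" lines on stdin, prints each finding,
# returns 1 if any setting differs or is absent.
audit_sshd() {
    WANT="$EXPECTED" awk '
        BEGIN {
            n = split(ENVIRON["WANT"], pair)   # default FS: any whitespace
            for (i = 1; i <= n; i++) {
                split(pair[i], kv, "=")
                name[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        { key = tolower($1) }
        !(key in want) { next }
        # Every line is checked, so an extra "port 22" listener is caught.
        { seen[key] = 1 }
        tolower($2) != want[key] {
            printf "DRIFT %s is %s, want %s\n", key, $2, want[key]; bad++
        }
        END {
            for (i = 1; i <= n; i++) if (!(name[i] in seen)) {
                printf "MISSING %s, want %s\n", name[i], want[name[i]]; bad++
            }
            exit (bad > 0)
        }'
}

# Constructed sample, shaped like `sshd -T` output from a half-migrated host.
SAMPLE='port 3526
port 22
permitrootlogin yes
passwordauthentication no
allowtcpforwarding no
clientalivecountmax 2
compression no
loglevel VERBOSE
maxauthtries 6
maxsessions 2
tcpkeepalive no
x11forwarding no'

printf '%s\n' "$SAMPLE" | audit_sshd || echo "sshd settings need attention"
```

On a live server the input would come from `sshd -T` run as root, and `sshd -t` can be used before the restart to catch syntax errors in the edited file.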

Tip 4 : Integrate Advanced Diffie-Hellman Key based algorithm to secure SSH

Integrate an advanced Diffie-Hellman key-based algorithm to enhance the security of the SSH server.

Tip 5 : Limit SSH Brute-force attack using Fail2ban

Limit SSH brute-force attacks using Fail2ban.

Install Fail2ban on Ubuntu / Debian based distros

# apt-get install fail2ban -y

Install Fail2ban on RHEL / CentOS based distros

Note: you need to install the EPEL repository before proceeding with the given steps.

# yum install fail2ban -y

Enable Fail2ban on your Linux distro by copying the default jail configuration to a local file

# cp -rv /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Start the Fail2ban service to apply the changes.

# systemctl start fail2ban

OR

# service fail2ban start

Conclusion

Finally, you have hardened and secured your SSH servers against external attacks by implementing the above tips on your Linux VPS servers. If you have issues, you can use the comment section below.
