8 ways to secure SSH server connections on Linux

SSH is a widely used protocol to securely access Linux servers. Most users use SSH connection with default settings to connect to remote server. However, insecure default configurations also pose various security risks.

The server root account with open SSH access may be at risk. And especially if you are using a public IP address, it will be a lot easier to hack the root password. So, knowledge of SSH security is required.

Here's how you can secure your SSH server connections on Linux.

1. Disable root user login

First, disable the SSH access of the root user and create a new user with root privileges. Disabling server access for the root user is a defensive strategy that prevents attackers from achieving their goal of breaking into a system. For example, you could create a user named exampleroot like this:

useradd -m exampleroot passwd exampleroot usermod -aG sudo exampleroot

Here is a brief explanation of the aforementioned commands:

1. useradd creates a new user and the -m parameter creates a directory in the home directory for the user you created.
2. The passwd command is used to assign a password to a new user. Remember that the password you assign to a user must be complex and difficult to guess.
3. usermod -aG sudo adds the newly created user to the admin group.

After the user creation process, some changes need to be made to the sshd_config. You can find this file at /etc/ssh/sshd_config. Open the file with any text editor and make the following changes:

# Authentication: #LoginGraceTime 2m PermitRootLogin no AllowUsers exampleroot

The PermitRootLogin line will prevent the root user from accessing it remotely using SSH. Including exampleroot in the AllowUsers list grants the necessary permissions to the user.

Finally, restart the SSH service with the following command:

sudo systemctl restart ssh

If it fails and you get an error message, try the command below. This may vary based on the Linux distribution you use.

sudo systemctl restart sshd

2. Change the default gateway

The default SSH connection port is 22. Of course, all attackers know this and therefore need to change the default port number to ensure SSH security. Although an attacker can easily find a new port number by scanning Nmap, the goal here is to make the attacker's job more difficult.

To change the port number, open /etc/ssh/sshd_config and make the following changes to the file:

Include /etc/ssh/sshd_config.d/*.conf Port 5922

After this step, restart the SSH service again with:

sudo systemctl restart ssh.

Now you can access your server using the port you just defined. If you are using a firewall, you must also make the necessary rule changes there. When you run the command netstat -tlpn , you can see that the port number for SSH has changed.

3. Block access for users with blank passwords

There may be passwordless users on your system that you have inadvertently created. To prevent such users from accessing the server, you can set the PermitEmptyPasswords line value in the sshd_config file to no.

PermitEmptyPasswords no

4. Limit login/access attempts

By default, you can access the server by making as many password attempts as you like. However, attackers can use this vulnerability to attack the server. You can automatically disconnect SSH after a certain number of attempts by specifying how many password attempts are allowed.

To do this, change the MaxAuthTries value in the sshd_config.

MaxAuthTries 3

5. Use SSH version 2

The second version of SSH was released due to many vulnerabilities in the first version. By default, you can allow the server to use the second instance by adding the Protocol parameter to your sshd_config file. This way all your future connections will use the second instance of SSH.

Include /etc/ssh/sshd_config.d/*.conf Protocol 2

6. Disable TCP port forwarding and X11 . forwarding

Attackers can try to gain access to your other systems by forwarding ports through SSH connections. To avoid this, you can disable AllowTcpForwarding and X11Forwarding in the sshd_config.

X11Forwarding no AllowTcpForwarding no

7. Connect using SSH key

One of the most secure ways to connect to your server is by using an SSH key. Using SSH key, you can access the server without password. In addition, you can completely disable password access to the server by changing the password-related parameters in the sshd_config file.

When you generate an SSH key, there are two keys: Public and Private. The public key is uploaded to the server you want to connect to, and the private key is stored on the computer to which you will establish the connection.

Generate an SSH key using the ssh-keygen command on your computer. Do not leave the Passphrase field blank and remember the password you entered here. If left blank, you will only be able to access it with the SSH key file. However, if you set a password, you can prevent an attacker with the key file from accessing it. For example, you can generate an SSH key with the following command:

ssh-keygen

8. IP Restrictions for SSH Connections

In most cases, the firewall blocks access using its own standard frameworks and aims to protect the server. However, this is not always enough and you need to increase this security potential.

To do this, open the file /etc/hosts.allow. With the additions you make to this file, you can restrict SSH permissions, allow a specific block of IPs, or enter a single IP and block all remaining IP addresses with the deny command.

Below you will see some sample settings. After doing these, restart the SSH service as usual to save the changes.

Data and data security issues are quite detailed and should be reviewed by all server administrators. Server security is a very sensitive issue because the main focus of attacks is on web servers and they contain almost any information about a system. Since most servers run on Linux infrastructure, it is very important to be familiar with the Linux system and server administration.

SSH security is just one of the ways to protect the server. The damage you take can be minimized by stopping, blocking, or slowing an attack. In addition to providing SSH security, you can implement a variety of methods to secure your Linux servers.