Secure SSH Setup

Written by Servers for Hackers / Original link on May. 18, 2020

We configure SSH to be a bit more secure. We enforce the use of SSH-key based access and ensure that the root user cannot log in over SSH directly.

Edit /etc/ssh/sshd_config:

# Important
PermitRootLogin no
PasswordAuthentication no

# Double check these
PubkeyAuthentication yes
PermitEmptyPasswords no

# Optional
AllowUsers fideloper
AllowGroups sudo ssh

Then restart ssh:

sudo service ssh restart

We'll also install fail2ban, which will check our /var/log/auth.log file for repeated SSH login failures and ban further logins from the source (IP) of those logins, giving us extra protections against brute-force based SSH access attempts.

sudo apt-get install -y fail2ban

Check to make a file exists within /etc/fail2ban/jail.d exists with the sshd config similar this:

enabled = true


« Secure Firewall Setup - Secure User Setup »