Diniz Martins

Mar 3, 2023

Protect SSH Server in Ubuntu

The SSH server is a program that uses the encrypted SSH protocol to give users secure access to services on other machines. However, like other servers, an SSH server can be exposed to unauthorized access, so it is necessary to secure it before using it for remote connections.

To perform the SSH configuration, you will first need to check whether an SSH server is installed on your system. If it’s not, execute the following command:

After the installation, you will edit the SSH configuration file, “sshd_config”, located in the “/etc/ssh” directory. Before opening it, we highly recommend that you back up the configuration file using the following command:

Now open the SSH configuration file:

Disable Password-Based Authentication - Uncomment the “PasswordAuthentication” line and replace “yes” with “no”.

Now, save the file by pressing “Ctrl+X”, then “Y”, and then Enter.

Denying Empty Password - To perform this step, locate the line “PermitEmptyPasswords”, uncomment it, and make sure its value is “no”.

Disabling Root Login - To do this, find the option “PermitRootLogin”, uncomment the line and replace the text “prohibit-password” with “no”.

SSH Protocol 2 - Protocol 2 has more advanced security features than Protocol 1, so if you want to use it, add the line “Protocol 2” to the configuration file. OpenSSH 7.4 and later support only protocol 2, so on current Ubuntu releases this line is no longer needed.

Setting a Session Timeout - If a user's session stays idle for 200 seconds, the user is automatically logged out.

Allow specific users to access the server - You can also secure the SSH server by allowing only specific users to access it.

Limit the number of login attempts - To perform this step, locate the “MaxAuthTries” variable.

Running the server in Test Mode - Run the server in test mode to confirm that the configuration changes made above are valid.

Reloading the SSH server - Reload the server to apply the changes to your Ubuntu system.
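The settings changed above can be checked with a short script. This is an added example, not part of the original article: the function names (`effective_value`, `audit_sshd_config`), the sample file and the `MaxAuthTries` ceiling of 3 are assumptions.

```sh
#!/bin/sh
# Added example: audit an sshd_config-style file for the settings this article changes.

# Print the first uncommented value of KEYWORD in the global section of FILE.
# sshd keeps the first value it reads for a keyword, and keywords are case-insensitive.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/         { next }   # comment or blank line
        tolower($1) == "match" { exit }   # Match blocks are conditional: stop there
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Print PASS/FAIL per setting; the return status is the number of failed checks.
audit_sshd_config() {
    failures=0
    for want in PasswordAuthentication=no PermitEmptyPasswords=no PermitRootLogin=no; do
        key=${want%%=*} expected=${want#*=}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "PASS $key $actual"
        else
            echo "FAIL $key is '${actual:-unset}', want '$expected'"
            failures=$((failures + 1))
        fi
    done
    # The article names MaxAuthTries but no number; a ceiling of 3 is an assumption.
    tries=$(effective_value "$1" MaxAuthTries)
    case $tries in
        ''|*[!0-9]*) echo "FAIL MaxAuthTries is unset"; failures=$((failures + 1)) ;;
        [0-3])       echo "PASS MaxAuthTries $tries" ;;
        *)           echo "FAIL MaxAuthTries is $tries, want 3 or fewer"; failures=$((failures + 1)) ;;
    esac
    return "$failures"
}

# Constructed sample: root login left commented out, and a late
# "PasswordAuthentication no" that loses to the earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real host's file
PasswordAuthentication yes
#PermitRootLogin prohibit-password
PermitEmptyPasswords no
MaxAuthTries 3
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "$? check(s) failed"
```

On a live host, `sshd -T` run as root prints the effective configuration, which also reflects any files pulled in by an `Include` line that this script does not follow.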

Opening the authorized_keys File - This step requires that you have already run some SSH sessions so that your SSH keys are present in the file. After some SSH sessions, open the authorized_keys file using the following command:

After opening the authorized_keys file, five options are available to achieve advanced-level security. These options are as follows:

no-agent-forwarding

no-user-rc

no-pty

no-port-forwarding

no-X11-forwarding

You can apply any of the above options to a single SSH key. For example, if you want the no-agent-forwarding option for the desired SSH key, you can do this using the following syntax:

In the above syntax, replace DesiredSSHKey with an actual key stored inside the authorized_keys file. Once the above changes are done, you can save the file. The SSH server reads it automatically, so you don’t need to reload the server.
