top of page

Protect SSH Server in Ubuntu

The SSH server is an encrypted program that uses the SSH protocol to allow users the authority to access other machines’ services securely. However, like other servers, the SSH server may become prone to unauthorized access; thus, it’s necessary to secure the SSH server before using it for remote desktop connections.


To perform the SSH configuration, you will first need to check whether an SSH server is installed on your system. If it’s not, execute the following command:

​$ sudo apt install openssh-server

After the installation, open the SSH configuration file with the name “sshd_config” placed in the “/etc/ssh” directory, but, we highly recommend you create the configuration file backup using the following command:

$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Now open the SSH configuration file:

​sudo nano /etc/ssh/sshd_config

Disable Password-Based Authentication - Uncomment the line and replace “yes” with “no”.

Now, save the file using the keys “Ctrl+X”, add “Y” and press Enter.

​# To disable tunneled clear text passwords, change to no here!

PasswordAuthentication no

Denying Empty Password - To perform this step, locate the line “PermitEmptyPasswords” and uncomment it.

# To disable tunneled clear text passwords, change to no here!

PermitEmptyPasswords no

Permitting Root Login - To do this, find the option “PermitRootLogin”, uncomment the line and replace the text “prohibit-password” with “no”.

​# Authentication:

PermitRootLogin no

SSH Protocol 2 - Protocol 2 has more advanced security features than Protocol 1, so if you want to use that, you will need to add the line “Protocol 2” to the configuration file as shown below.

# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented. Uncommented options override the

# default value.

Protocol 2

Include /etc/ssh/sshd_config.d/*.conf

Setting a Session Timeout - If the user stays away from his system for 200 seconds, it will automatically log out.

​ClientAliveInterval 200

Allow specific user to access the Server - You can also secure the SSH server by allowing only the specific user to access it.

AllowUsers STENGE

Limit the number of login attempts - To perform this step, locate the “MaxAuthTries” variable.

# Authentication:

MaxAuthTries 4

PermitRootLogin no

Running the server in Test Mode - ensure that the above configurations we have made are correct

​$ sudo sshd –t

Reloading the SSH server - make the changes to your Ubuntu system.

$ sudo service sshd reload

Opening the Authorized_keys File - this step requires you to execute some SSH sessions to generate your SSH keys in the file. After some SSH sessions, open the authorization file using the following command:

​$ sudo nano ~/.ssh/authorized_keys

After opening the authorized_keys file, you can have five options to achieve advanced-level security. These options are as follows:


no-agent-forwarding

no-user-rc

no-pty

no-port-forwarding

no-X11-forwarding


Now, if you want to use any of the above options for a single SSH key. For example, if you want a no-agent forwarding option for the desired SSH key, you can do this using the following syntax:

no-agent-forwarding <DesiredSSHKey>

In the above syntax, replace the DesiredSSHKey with an actual key stored inside the authorized_keys file. Once the above changes are done, you can save the file, and the SSH server will automatically read it as you don’t need to reload the server.




29 views0 comments

Recent Posts

See All

Raspberry Pi-hole | Block ADS

Display ads are a huge annoyance that everyone could do without, but blocking them has always been harder to do on mobile devices than on desktops. Pi-hole solves this problem by turning your Raspberr

TAILS OS - Portable anonymity

Tails (The Amnesic Incognito Live System) is a computer operating system made with Linux and based on Debian. It's designed to be as anonymous as possible, preventing all manner of tracking and survei

Shell Genie | ChatGPT

Shell Genie is a new command line tool that can be used to ask how to perform various tasks, and it gives you the shell command you need. To generate the commands, it uses OpenAI's GPT-3 or Free Genie

bottom of page