If you want to harden and secure your SSH installation on Ubuntu Linux then there are a few simple steps you can follow:
1. Remove root access - this should be the highest priority on your list and not just to prevent hackers. Using a root account to do everyday tasks is a BAD THING and using a root account to ssh onto a server is a VERY BAD THING.
Use a normal account and sudo when you need to play God!
To prevent root access via ssh:
sudo vi /etc/ssh/sshd_config
Find the line that says:
PermitRootLogin yes
and change to:
PermitRootLogin no
2. Reduce the time period that SSH waits for a password. In the same /etc/ssh/sshd_config file there is an entry
LoginGraceTime 120
Reduce this to a more sensible time in seconds, say 30 assuming you have all 10 fingers.
3. Restrict who can ssh onto the machine. In the file /etc/ssh/sshd_config add an entry as follows:
AllowUsers someGuy someOtherGuy
Specifying the users you want to be able to logon separated by spaces.
Once you have completed these steps restart the ssh daemon:
sudo /etc/init.d/ssh restart
0 Responses to “HOW TO: Harden and Secure SSH on Ubuntu Linux”