Updated 4/2015
If you have an ssh server running on your network that is accessible to the outside world, on the internet, chances are your systems are being attacked. If you aren’t aware of this, just take a look at your ssh logs in /var/log/auth.
$ egrep -i Failed /var/log/auth.log*
We can do better from a security standpoint. Regardless, ssh definitely still rocks and should be used daily, constantly. Before I moved ssh to a higher, non-standard, port and install Fail2Ban, I was seeing over 1,000 ssh attempts daily in the log files. What’s the saying … ignorance is bliss? Not when it comes to systems security.
This article is for Linux/UNIX users, but the ideas should apply to any OS running an ssh daemon.
Ssh Setup For Higher Security
The order below based on how easy it is to accomplish or setup. None of these configuration changes are hard. All of them can be accomplished in under 5 minutes if you know what you’re doing or 15 minutes if you need to read up a little.
- Listen on a non-standard port
- Use ssh-key-based connections
- No remote root logins with a password – without-password
- Allow only key-based logins from non-LAN IPs (basically any remote ssh connection cannot use a password)
- Lock account after X failed attempts – Fail2Ban
- Automatically block IPs with login failures – Fail2Ban
- Monitor hack attempts – Fail2Ban
Original article published on JDPFu.com 2015 | If you are reading this article elsewhere, it has been reproduced without proper authorization.