Securing SSH

Sometimes you have servers sitting on the public internet where you have little control over the network and hardware firewalls. Setting up a hosted server, such as a Virtual Private Server (VPS) or “node” in the cloud, can be scary. Fortunately software firewalls, such as iptables, can add a little peace of mind. But in these days of automated attacks, that is still not enough.

Usually the primary means of access to these servers is SSH. There are a couple of really simple things that can be done to make SSH more secure. I recently set up a new node on Linode. In the first hour there were 779 failed login attempts from hostile sources. As you can see, both sources of attack are from hosts in China.


Most of these were against commonly used account names:

715 root
 28 bin
  5 oracle
  4 r00t

This is not unusual activity, and it is why the first three things I do are change the port number SSH listens on, disallow “root” logins, and specify which accounts are allowed to use SSH. These are all done by making changes to the sshd_config file (on CentOS & Ubuntu it’s /etc/ssh/sshd_config):

#Default Port 22, choose an available port above 1024.
Port 3434
# Prevent root logins:
PermitRootLogin no

#Allow only these specific users
AllowUsers jaye rileys

After making the changes, restart sshd (“service sshd restart” or “/etc/init.d/ssh restart” or “stop ssh ; start ssh”). But first, make sure to verify that the port you chose is available by running:

netstat -an | grep LISTEN | grep <port #>

Replace “<port #>” with the port that you chose. If the command prints nothing, no service is listening on that port.

These three changes can help protect you from most automated attacks. There are several other changes that I make. More of them can be found in my wiki under Securing SSH.
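
An added example, not from the original post: a shell check that an sshd_config file carries all three changes before sshd is restarted. The function names and the sample file are assumptions made for illustration, and it reads a single flat file only.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three changes described above.
# Not handled here (assumption: one flat file): Include, Match blocks,
# and the "Keyword=value" spelling.

# Print every value given for keyword $2 in file $1, one per line.
# Keywords are case-insensitive; values are case-sensitive.
sshd_values() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }             # blank line or comment
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

audit_sshd_config() {
    cfg=$1; rc=0
    ports=$(sshd_values "$cfg" Port)                        # Port may repeat
    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)  # first value wins
    users=$(sshd_values "$cfg" AllowUsers)

    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "WARN: sshd still listens on the default port 22"; rc=1
    fi
    if [ "$root" != "no" ]; then
        echo "WARN: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    if [ -z "$users" ]; then
        echo "WARN: no AllowUsers list restricts which accounts may log in"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: non-default port, root login off, AllowUsers set"
    return "$rc"
}

# Constructed sample input: the post's settings, followed by a later
# PermitRootLogin line that sshd ignores because the first value wins.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#Port 22
Port 3434
permitrootlogin no
PermitRootLogin yes
AllowUsers jaye rileys
EOF
audit_sshd_config "$demo"
rm -f "$demo"
```

Run it against a copy of the edited file; “sshd -t” remains the authoritative syntax check before the restart.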

