Securing SSH Server

Introduction

SSH(Secure Shell) provides a secure way of logging into a remote server. On many relases, the ssh service is ready to use without configuration. But it use a general settings for most circumstances.

This article introduces some useful tips to securing a ssh service against attacks.

Setup Openssh Server

1. Update Server Configuration(/etc/ssh/sshd_config)

   # Disable protocol 1
   Protocol 2
   # Disable password auth
   PasswordAuthentication no
   # Use a non-standard port
   Port 2345
   

2. Setup firewall

   $ firewall-cmd --add-port 2345/tcp
   $ firewall-cmd --add-port 2345/tcp --permanent
   

3. Setup Selinux label

   $ semanage port -a -t ssh_port_t -p tcp 2345
   

Setup Client

# Client ~/.ssh/config
Host myserver
HostName 72.232.194.162
        User bob
        Port 2345

References

https://wiki.centos.org/HowTos/Network/SecuringSSH