Securing SSH


SSH(Secure Shell) provides a secure way of logging into a remote server. On many relases, the ssh service is ready to use without configuration. But it use a general settings for most circumstances.

This article introduces some useful tips to securing a ssh service against attacks.

Setup Openssh Server

  1. Update Server Configuration(/etc/ssh/sshd_config)

    # Disable protocol 1
    Protocol 2
    # Disable password auth
    PasswordAuthentication no
    # Use a non-standard port
    Port 2345
  2. Setup firewall

    $ firewall-cmd --add-port 2345/tcp
    $ firewall-cmd --add-port 2345/tcp --permanent
  3. Setup Selinux label

    $ semanage port -a -t ssh_port_t -p tcp 2345

Setup Client

# Client ~/.ssh/config
Host myserver
        User bob
        Port 2345