Tips for securing your SSH server

Protected Session

Article from Issue 241/2020
Author(s):

An SSH server facing the Internet will almost certainly be under attack, but a few proactive steps will help to keep the intruders away.

Secure Shell, better known as SSH, is a secure communication protocol used to execute commands on remote servers. SSH works on a client/server architecture. Data transferred through SSH is automatically encrypted using symmetric, asymmetric, and hashing algorithms. At receiving end, the data is automatically decrypted.

About 90 percent of system administrators use SSH to access their servers and configure them remotely. Users overwhelmingly prefer SSH over Telnet, an alternative communication protocol that is now considered insecure. SSH makes the data in transit more secure, but if you wish to secure an SSH server, you need to take some additional steps. Following are some measures that will help you protect your SSH server from attack.

Public Keys Instead of Passwords

The article on "System Hardening" elsewhere in this issue mentioned the benefits of using key authentication rather than passwords with SSH. Your password can be cracked by intruders, and you could end up getting hacked by a simple brute-force password attack. Here is a quick reprise on how to set up key-based authentication.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • SSH Security

    SSH brute-force attacks are still a major threat to Linux servers in 2025. Learn how to block them with key-only logins, Fail2ban, iptables, knockd, and more.

    more »
  • Tutorials – Server Security

    Fear not the barbarians of cyberspace, and follow our guide to shoring up your digital defenses.

    more »
  • Two-Factor Authentication

    Add an extra layer of protection with one-time passwords.

    more »
  • Fail2ban

    Fail2ban is a quick to deploy, easy to set up, and free to use intrusion prevention service that protects your systems from brute force and dictionary attacks.

    more »
  • Hardening Linux for Production Use

    To protect your production server from attacks, employ these common security tools to help safeguard your system.

    more »
comments powered by Disqus