Skip to main content

Securing SSH

SSH is the primary door to your server. Securing it is the first step in server hardening.

1. Disable Root Login

Edit /etc/ssh/sshd_config:

PermitRootLogin no

2. Use Key-Based Authentication

Disable password authentication to prevent brute-force attacks.

PasswordAuthentication no
PubkeyAuthentication yes

Make sure you have added your public key to ~/.ssh/authorized_keys before restarting the service!

3. Change Default Port (Optional)

Changing the port from 22 reduces log noise from automated scanners.

Port 2222

4. Apply Changes

Restart the SSH daemon:

sudo systemctl restart ssh