Server SSH security settings
August 31, 2019

SSH is the most common entry point used in attacks on servers, so anyone who runs SSH on a server must take care of the server's security mechanisms. Usually SSH listens on port 22 by default, so the server can be protected by guarding against scans of port 22 or by blocking IP addresses. The following is a brief introduction to server SSH security settings.


Step 1: Change the default port of the server SSH
#http://www.***.com
sed -i 's/#Port 22/Port 33333/g' /etc/ssh/sshd_config
Here the default SSH port is changed to 3333, so that the server is not hit by software that scans port 22.

Step 2: Disable root login
useradd onovps    # new user name
passwd onovps    # set the password
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config    # forbid root login
service sshd restart    # restart the ssh service for the change to take effect
Purpose: create a new ordinary user for logging in. After logging in, switch to the root account with su -, so that a malicious login attempt cannot guess the user name.

Step 3: Limit the number of failed logins and lock the account
vim /etc/pam.d/login
Add under #%PAM-1.0:
auth required pam_tally2.so deny=5 unlock_time=180    # lock for 180 seconds after 5 failed logins; root is not affected
auth required pam_tally2.so deny=5 unlock_time=180 even_deny_root root_unlock_time=180    # same, but root is locked too

Step 4: Allow only specific users to log in by editing the ssh configuration file
vim /etc/ssh/sshd_config
AllowUsers user
# By default all users are allowed; separate multiple users with spaces. Specific users can also be denied from logging in:
DenyUsers user

Step 5: Set the number of authentication attempts allowed (default 3)
MaxAuthTries 0
# disconnect after a single error
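As an added example that is not part of the original article, the following POSIX shell functions apply the sshd_config changes from steps 1, 2, 4 and 5 in a way that can be re-run safely and audited, and that can be tried on a copy of the file before the real one. The user name onovps and port 33333 follow the steps above; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original article): apply the sshd_config
# directives from steps 1, 2, 4 and 5 to a file in a re-runnable way.
# Assumed: account onovps and port 33333 as above; function names are mine.

set_directive() {
    # set_directive FILE KEY VALUE: remove every existing KEY line (commented
    # or not, including any inside Match blocks) and put "KEY VALUE" first.
    # sshd uses the first occurrence of a directive, and writing it at the top
    # also keeps it out of a Match block that may end the file.
    file=$1; key=$2; value=$3
    tmp=$(mktemp)
    {
        printf '%s %s\n' "$key" "$value"
        grep -Ev "^[[:space:]]*#?[[:space:]]*${key}([[:space:]]|$)" "$file" || true
    } >"$tmp"
    cat "$tmp" >"$file"   # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

get_directive() {
    # get_directive FILE KEY: print the value sshd will use (first match).
    awk -v k="$2" '$1 == k && !seen { print $2; seen = 1 }' "$1"
}

harden_sshd_config() {
    # harden_sshd_config [FILE] [ADMIN_USER]: steps 1, 2, 4 and 5 in one go.
    file=${1:-/etc/ssh/sshd_config}
    admin=${2:-onovps}   # the non-root account created with useradd in step 2
    set_directive "$file" Port 33333
    set_directive "$file" PermitRootLogin no
    set_directive "$file" AllowUsers "$admin"
    set_directive "$file" MaxAuthTries 0
}

check_sshd_config() {
    # check_sshd_config FILE [ADMIN_USER]: succeed only when every directive
    # the page sets is in effect; usable as a stand-alone audit of a config.
    file=$1; admin=${2:-onovps}
    [ "$(get_directive "$file" Port)" = 33333 ] &&
    [ "$(get_directive "$file" PermitRootLogin)" = no ] &&
    [ "$(get_directive "$file" AllowUsers)" = "$admin" ] &&
    [ "$(get_directive "$file" MaxAuthTries)" = 0 ]
}

# Try it on a copy before touching the real file:
#   cp /etc/ssh/sshd_config /tmp/sshd_config.test
#   harden_sshd_config /tmp/sshd_config.test onovps && check_sshd_config /tmp/sshd_config.test
```

Run sshd -t -f FILE on the result before restarting sshd, and keep a second session open while you verify the new port. The pam_tally2 lines of step 3 go into /etc/pam.d/login on this page, which handles console logins; on most distributions SSH sessions use the /etc/pam.d/sshd stack, so check which file applies on your system.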

Step 6: Close the ssh port directly with iptables
Generally, after these six steps the security of the server's SSH is assured in this respect. In addition, the server is protected against DDoS attacks up to a certain volume of traffic in the high-protection data center. If a large-traffic attack causes the IP to be disabled, the user can contact JimCloud technical support personnel.