Question

How to properly secure SSH?

Posted June 12, 2014 5.2k views
Hello, I logged into my server today to find out there's been 157 unsuccessful attempts to login. I installed and configured fail2ban right away (I hope jail.local is fine). (I forgot to do it...) Protocol 2 is used by default in Fedora - so that's okay. I'm not sure if I should change the SSH port though. https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/ http://www.danielmiessler.com/blog/putting-ssh-another-port-good-idea Do you think it's a good idea to change it if it's done properly? If I use port-knocking it should be okay, right? Or do you think I should leave it alone? Thank you!
Add a comment
assassinsiicreed
By:
assassinsiicreed

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
Woet June 12, 2014
Public keys.
Reply Report
asb June 12, 2014
It's very often recommended to change the SSH port, in fact our initial server setup guide suggests that you do it: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04 Of course, there is some debate on the subject. You seem to have already found good opinions on both sides. Personally, I don't usually change it on my servers. Though that's because I've taken other steps to secure them (and partially laziness!). Installing fail2ban is a good step. I'd strongly encourage that you use SSH key pairs and disable password authentication.
Initial Server Setup with Ubuntu 14.04
by Justin Ellingwood
When you start a new server, there are a few steps that you should take every time to add some basic security and set a solid foundation. In this guide, we'll walk you through the basic steps necessary to hit the ground running with Ubuntu 14.04.
Reply Report
Submit an Answer

Looking for something else?

Ask a new question Search for more help