How to properly secure SSH?

June 12, 2014 4k views
Hello, I logged into my server today to find out there's been 157 unsuccessful attempts to login. I installed and configured fail2ban right away (I hope jail.local is fine). (I forgot to do it...) Protocol 2 is used by default in Fedora - so that's okay. I'm not sure if I should change the SSH port though. Do you think it's a good idea to change it if it's done properly? If I use port-knocking it should be okay, right? Or do you think I should leave it alone? Thank you!
2 Answers
Public keys.
It's very often recommended to change the SSH port, in fact our initial server setup guide suggests that you do it: Of course, there is some debate on the subject. You seem to have already found good opinions on both sides. Personally, I don't usually change it on my servers. Though that's because I've taken other steps to secure them (and partially laziness!). Installing fail2ban is a good step. I'd strongly encourage that you use SSH key pairs and disable password authentication.
by Justin Ellingwood
When you start a new server, there are a few steps that you should take every time to add some basic security and set a solid foundation. In this guide, we'll walk you through the basic steps necessary to hit the ground running with Ubuntu 14.04.
Have another answer? Share your knowledge.