How to properly secure SSH?

June 12, 2014 3k

By:

assassinsiicreed

Hello, I logged into my server today to find out there's been 157 unsuccessful attempts to login. I installed and configured fail2ban right away (I hope jail.local is fine). (I forgot to do it...) Protocol 2 is used by default in Fedora - so that's okay. I'm not sure if I should change the SSH port though. https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/ http://www.danielmiessler.com/blog/putting-ssh-another-port-good-idea Do you think it's a good idea to change it if it's done properly? If I use port-knocking it should be okay, right? Or do you think I should leave it alone? Thank you!

2 Answers

Woet June 12, 2014

Public keys.

assassinsiicreed June 12, 2014

Yeah, I'm gonna do that - but still, should I change the port or not? Thank you! :)

asb MOD June 12, 2014

It's very often recommended to change the SSH port, in fact our initial server setup guide suggests that you do it: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04 Of course, there is some debate on the subject. You seem to have already found good opinions on both sides. Personally, I don't usually change it on my servers. Though that's because I've taken other steps to secure them (and partially laziness!). Installing fail2ban is a good step. I'd strongly encourage that you use SSH key pairs and disable password authentication.

Initial Server Setup with Ubuntu 14.04

When you start a new server, there are a few steps that you should take every time to add some basic security and set a solid foundation. In this guide, we'll walk you through the basic steps necessary to hit the ground running with Ubuntu 14.04.

assassinsiicreed June 12, 2014

Okay, thanks! :)

Have another answer? Share your knowledge.

Share

Share your Question

How to properly secure SSH?

Leave a Comment

Almost there!

Report a Bug