How to properly secure SSH?

June 12, 2014 4k views
assassinsiicreed
By:
assassinsiicreed
Hello, I logged into my server today to find out there's been 157 unsuccessful attempts to login. I installed and configured fail2ban right away (I hope jail.local is fine). (I forgot to do it...) Protocol 2 is used by default in Fedora - so that's okay. I'm not sure if I should change the SSH port though. https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/ http://www.danielmiessler.com/blog/putting-ssh-another-port-good-idea Do you think it's a good idea to change it if it's done properly? If I use port-knocking it should be okay, right? Or do you think I should leave it alone? Thank you!
Log In to Comment
2 Answers
Woet June 12, 2014
Public keys.
Reply
asb MOD June 12, 2014
It's very often recommended to change the SSH port, in fact our initial server setup guide suggests that you do it: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04 Of course, there is some debate on the subject. You seem to have already found good opinions on both sides. Personally, I don't usually change it on my servers. Though that's because I've taken other steps to secure them (and partially laziness!). Installing fail2ban is a good step. I'd strongly encourage that you use SSH key pairs and disable password authentication.
Initial Server Setup with Ubuntu 14.04
by Justin Ellingwood
When you start a new server, there are a few steps that you should take every time to add some basic security and set a solid foundation. In this guide, we'll walk you through the basic steps necessary to hit the ground running with Ubuntu 14.04.
Reply
Have another answer? Share your knowledge.