How to properly secure SSH?

June 12, 2014
Hello, I logged into my server today to find out there have been 157 unsuccessful attempts to log in. I installed and configured fail2ban right away (I hope jail.local is fine). (I forgot to do it...) Protocol 2 is used by default in Fedora - so that's okay.

I'm not sure if I should change the SSH port though.

https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/
http://www.danielmiessler.com/blog/putting-ssh-another-port-good-idea

Do you think it's a good idea to change it if it's done properly? If I use port-knocking it should be okay, right? Or do you think I should leave it alone? Thank you!

2 Answers
Public keys.

It's very often recommended to change the SSH port; in fact, our initial server setup guide suggests that you do it: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04

Of course, there is some debate on the subject. You seem to have already found good opinions on both sides. Personally, I don't usually change it on my servers, though that's because I've taken other steps to secure them (and partially laziness!).

Installing fail2ban is a good step. I'd strongly encourage you to use SSH key pairs and disable password authentication.

by Justin Ellingwood
When you start a new server, there are a few steps that you should take every time to add some basic security and set a solid foundation. In this guide, we'll walk you through the basic steps necessary to hit the ground running with Ubuntu 14.04.
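
As an added example (not part of either answer or of the linked tutorial): a shell check that an sshd_config file really turns password logins off, as the answer above recommends. It relies on sshd keeping the first value it reads for a keyword and on a `Match` line ending the global section; the file names and sample contents are constructed, and `Include` directives are not followed.

```shell
#!/bin/sh
# Added example (not from the thread): static check of sshd_config-style files.

# Print the effective global value of keyword $2 in file $1. sshd keeps the
# FIRST value it reads for a keyword, keyword names are case-insensitive, and
# the first "Match" line ends the global section.
sshd_global_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }         # conditional blocks start here
        tolower($1) == want { print $2; exit }  # first occurrence wins
    ' "$1"
}

# Return 0 only when password logins are explicitly off for everyone and
# public-key authentication has not been switched off.
audit_sshd_config() {
    rc=0
    pw=$(sshd_global_value "$1" PasswordAuthentication)
    pk=$(sshd_global_value "$1" PubkeyAuthentication)
    if [ "$pw" != "no" ]; then
        # An unset keyword falls back to the upstream OpenSSH default, "yes".
        echo "$1: PasswordAuthentication is '${pw:-unset}', passwords still accepted"
        rc=1
    fi
    if [ "$pk" = "no" ]; then
        echo "$1: PubkeyAuthentication is 'no', key logins disabled"
        rc=1
    fi
    return $rc
}

# Constructed sample files (hypothetical names) written to directory $1.
write_samples() {
    printf '%s\n' 'Protocol 2' 'PasswordAuthentication yes' \
        '# appended later, but the first value above wins' \
        'PasswordAuthentication no' > "$1/appended.conf"
    printf '%s\n' 'Protocol 2' 'Match User deploy' \
        '    PasswordAuthentication no' > "$1/match_only.conf"
    printf '%s\n' 'Protocol 2' 'passwordauthentication no' \
        'PubkeyAuthentication yes' > "$1/hardened.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in appended match_only hardened; do
    if audit_sshd_config "$tmp/$f.conf"; then echo "$f: OK"; else echo "$f: FAIL"; fi
done
rm -rf "$tmp"
```

On a live host, `sshd -T` prints the configuration the daemon actually uses and is the authoritative check.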