Securing SSH on Ubuntu 20.04

Securing SSH is highly recommended as it is a common target for hackers on the internet. I’ll show you how to secure SSH by changing the port, disabling password authentication, and disabling root login over SSH.

 

Changing the SSH port

Changing from the default port will immediately increase your SSH security by thwarting the efforts of hackers trying to brute force into port 22.

 

1. Update the sshd configuration file

sudo nano /etc/ssh/sshd_config

Change this line:

#Port 22

To this:

Port 578

Or whichever port you prefer.

 

2. It’s a really good idea to use a firewall, but if you haven’t yet configured UFW, you can skip this step until you do.

Add the new port:

sudo ufw allow 578/tcp

 

2. Reload sshd

sudo systemctl reload sshd

 

Disable root user login over SSH

By disabling root logins over SSH, you force hackers to have to guess your user name as well as your password.

 

1. Create a user with sudo privileges

Create user:

adduser 

Add the user to the sudo group to give it sudo access:

usermod -aG sudo 

 

2. Update the sshd configuration file

sudo nano /etc/ssh/sshd_config

Change this line:

PermitRootLogin yes

To this:

PermitRootLogin no

 

3. Reload sshd

sudo systemctl reload sshd

 

Disable password authentication

Finally, we’ll disable password authentication in favour of using super long, basically impossible to brute force, ssh keys!

 

1.  Create an SSH key pair

On your local workstation, create an ssh key pair at the command line:

ssh-keygen

 

2. Copy the public key to your server

ssh-copy-id @ -p 578

 

3. Update the sshd configuration file

sudo nano /etc/ssh/sshd_config

Change this line:

PasswordAuthentication yes

To this:

PasswordAuthentication no

 

Conclusion

By making all of these changes, we’ve forced hackers to guess our username, port, and super long ssh key! This should make any hack over SSH basically impossible!

Leave a Reply

Your email address will not be published. Required fields are marked *