SSH security tip – custom port and disable root login

This is the very first thing I do on any public-facing Linux server I own.

Disable Root Login by following these steps:

remote:~ vi /etc/ssh/sshd_config

And change the ‘PermitRootLogin’ setting to be ‘no’ like so:

PermitRootLogin no

Then type:

:wq

…to save your changes and quit the vi text editor.

Change the port

Look for the default port setting in that same file:

Port 22

…and change it to something else like 22666. If you leave it at port 22 and keep root SSH login enabled, you’ll notice several attempts in your logs to log in to your machine. These come from programs that people have written to look for insecure servers. To see that log, type:

tail -f /var/log/auth.log

…and CTRL+C will exit. You can use netstat to check open connections like so:

sudo apt-get install net-tools
netstat -atn

…this should show your active ssh connection (over tcp).

UFW Firewall

I utilize the ufw firewall since it is very easy to use:

sudo apt-get install ufw
ufw status

To enable ufw:

ufw enable

To add a rule:

ufw allow 443/tcp
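
A quick way to check the result of the steps above, as an added example that is not part of the original post: the script reads PermitRootLogin and Port from an sshd_config file and prints the ufw rule for the SSH port, which has to be allowed before ufw enable because ufw denies incoming connections by default. The function names and the two sample files are constructed for illustration, and the script only reads the global section (it stops at the first Match block and does not follow Include files).

```shell
#!/bin/sh
# Added example (not from the original post). Reads only the global section
# of an sshd_config: stops at the first Match block, ignores Include files.

# Effective PermitRootLogin: sshd keeps the first value it reads for a keyword,
# and keywords are case-insensitive. "unset" means the built-in default applies.
root_login_setting() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Listening ports: Port may appear several times; no Port line means 22.
ssh_ports() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# ufw rules to add before "ufw enable" so SSH stays reachable.
ufw_rules() {
    ssh_ports "$1" | while read -r port; do echo "ufw allow ${port}/tcp"; done
}

# Returns 0 only when root login is disabled and port 22 is not in use.
audit() {
    rc=0
    setting=$(root_login_setting "$1")
    [ "$setting" = "no" ] || { echo "WARN: PermitRootLogin is '$setting', expected 'no'"; rc=1; }
    for port in $(ssh_ports "$1"); do
        if [ "$port" = "22" ]; then echo "WARN: still on default port 22"; rc=1; fi
    done
    ufw_rules "$1"
    return "$rc"
}

# Constructed sample: stock-style file with both settings commented out.
sample_default=$(mktemp)
printf '%s\n' '#Port 22' '#PermitRootLogin prohibit-password' > "$sample_default"
# Constructed sample: file after the edits described in this post.
sample_hardened=$(mktemp)
printf '%s\n' 'Port 22666' '# PermitRootLogin yes' 'permitrootlogin no' \
    'PermitRootLogin yes' > "$sample_hardened"
trap 'rm -f "$sample_default" "$sample_hardened"' EXIT

audit "$sample_default" || echo "default config needs the changes above"
audit "$sample_hardened" && echo "hardened config passes"
```

On a real server, point audit at /etc/ssh/sshd_config. sshd only picks up the edited file after the SSH service is restarted, so keep your current session open until a new login on the new port works.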
