
How to Secure Server using SSH?

We frequently hear news about the increasing number of attacks on SSH. People are often concerned about bots hitting a server on port 22 with repeated login attempts to break into the system. To keep someone from getting into your server, you can secure your server's SSH access.

To restrict and secure SSH access, bind sshd to a single IP that is different from the server's main IP, and to a port other than port 22.

SSH into the server as root.

# vi /etc/ssh/sshd_config

Go to the following section:

#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::

Uncomment and change

#Port 22

to look like

Port 3999 (choose your own 4 to 5 digit port number; 49151 is the highest port number)

Uncomment and change

#Protocol 2, 1

to

Protocol 2

Uncomment and change

#ListenAddress 0.0.0.0

to

ListenAddress 192.168.0.1 (use one of your own IP Addresses that has been assigned to your server)

If you would like to disable direct Root Login, go to:

#PermitRootLogin yes

and uncomment it and make it look like

PermitRootLogin no

Now restart SSH

# /etc/rc.d/init.d/sshd restart

Exit out of SSH, and then log in again over SSH using the new IP and the new port.
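As an added example (not part of the original article), this script audits an sshd_config for the four settings changed above, so a missed or still-commented directive is caught before sshd is restarted. The function names `sshd_values` and `audit_sshd_config` are hypothetical, the sample config is constructed, and the file is assumed to have no Match blocks.

```shell
#!/bin/sh
# Added example (not from the original article): audit an sshd_config for the
# four settings changed above. Assumes the older layout shown on this page,
# where the Protocol directive is still present, and no Match blocks.

# Print every active (uncommented) value of a directive, one per line.
# sshd matches keywords case-insensitively.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# Print one OK/FAIL line per setting; the exit status is the number of FAILs.
audit_sshd_config() {
    cfg=$1; findings=0
    fail() { echo "FAIL $1"; findings=$((findings + 1)); }

    ports=$(sshd_values "$cfg" Port)
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        fail "Port: sshd still listens on 22"
    else echo "OK   Port $ports"; fi

    proto=$(sshd_values "$cfg" Protocol | head -n 1)
    if [ "$proto" = "2" ]; then echo "OK   Protocol 2"
    else fail "Protocol: expected 2, found '${proto:-unset}'"; fi

    # Wildcard binds (0.0.0.0, ::, [::], with or without a port) count as FAIL.
    addrs=$(sshd_values "$cfg" ListenAddress)
    if [ -z "$addrs" ] ||
       echo "$addrs" | grep -qE '^(0\.0\.0\.0|\[::\])(:[0-9]+)?$|^::$'; then
        fail "ListenAddress: sshd binds to every address"
    else echo "OK   ListenAddress $addrs"; fi

    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
    else fail "PermitRootLogin: expected no, found '${root:-unset}'"; fi

    return "$findings"
}

# Constructed sample: the values used in this article.
sample=$(mktemp)
printf '%s\n' 'Port 3999' 'Protocol 2' 'ListenAddress 192.168.0.1' \
    'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

Point `audit_sshd_config` at /etc/ssh/sshd_config before restarting sshd; `sshd -t` additionally checks the file for syntax errors.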

If you have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very insecure protocol, so change your root password after you use it.

Disable Telnet

# vi /etc/xinetd.d/telnet

Change disable = no to disable = yes

Save and Exit

# /etc/init.d/xinetd restart

