Nguyen Trung Duc

Hardening ssh service on Ubuntu/Linux server

Checklist:

  • Disable ssh login for root user
  • Disable password login

1. Create new user

adduser <username>

Add user to sudo group:

usermod -aG sudo <username>

or add this line to the file /etc/sudoers.d/90-cloud-init-users (sudo without a password; with this rule the SSH key is the only thing protecting root access):

<username> ALL=(ALL) NOPASSWD:ALL

2. Add ssh key for new user

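Add the user's public SSH key to the file /home/<username>/.ssh/authorized_keys. With the default StrictModes setting, sshd ignores this file unless it and the .ssh directory are owned by the user and not writable by anyone else.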

3. Disable root login and password based login

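Edit the file /etc/ssh/sshd_config. Find ChallengeResponseAuthentication and set it to no (in OpenSSH 8.7 and later this keyword is a deprecated alias of KbdInteractiveAuthentication):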

ChallengeResponseAuthentication no

Find PasswordAuthentication and set it to no:

PasswordAuthentication no

Search for UsePAM and set it to no:

UsePAM no

Finally, look for PermitRootLogin and set it to no. Keep a single PermitRootLogin line: sshd uses the first value it reads for a keyword, and prohibit-password would still allow root to log in with a key.

PermitRootLogin no

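Save and close the file. Reload or restart the ssh server on Linux, keeping your current session open until you have confirmed in a second terminal that the new user can log in with the key: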

service ssh restart
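
A check to run against the edited file before restarting, as an added example that is not from the original post: it reports the value sshd will actually use for each of the four keywords set above, applying sshd's first-value-wins rule. The function names and the sample file are assumptions constructed for the illustration, and files pulled in by Include are not followed.

```sh
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file for
# the four values this page sets. sshd keeps the FIRST value it reads for a
# keyword, so only the first occurrence before any Match block counts.

# Print the effective global value of keyword $2 in file $1, lower-cased.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# Print OK/FAIL per keyword; return non-zero if any value differs.
audit_sshd_config() {
    rc=0
    for pair in challengeresponseauthentication:no passwordauthentication:no \
                usepam:no permitrootlogin:no; do
        key=${pair%%:*}
        want=${pair#*:}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key ${got:-unset} (want $want)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: two PermitRootLogin lines, weaker value first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PermitRootLogin prohibit-password
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "sshd_config does not match the checklist"
rm -f "$sample"
```

On the server itself, `sshd -t` validates the syntax of the edited file and `sshd -T` prints the effective configuration, including any files pulled in by Include.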