Summary
When managing a Linux server, SSH (Secure Shell) is one of the most commonly used remote management tools. It provides encrypted communication to ensure the security of data transmission. However, the default SSH configuration is not necessarily the most secure, especially when root user login is allowed via SSH. Servers exposed to public networks are more vulnerable to attacks, and hackers can attempt to gain access using methods like brute-force attacks. To improve SSH security, there are several simple yet effective configurations that can help protect your server.
1. Disable Root User Login
The root user is the primary target for attackers because it is the system's superuser with full control permissions. By default, SSH allows root users to log in directly via password, providing attackers with a direct opportunity to infiltrate the server. The best way to reduce this risk is to disable root user login via SSH.
You can create a new regular user and grant that user administrative privileges. This way, even if an attacker guesses the user's password, they cannot log in directly as root. In the SSH configuration file, set PermitRootLogin to no to prevent root user remote login. This ensures that the system can only be managed remotely through the new regular user, further enhancing the server’s security.
2. Change the Default SSH Port
The default SSH port is 22, which is one of the most commonly scanned ports by attackers. To make it harder for attackers to find your server via port scanning, you can choose to change the SSH port to a less common number. For example, you can change it to 22099 or any other number.
Changing the port is simple — just modify the Port option in the SSH configuration file. After changing the port, don’t forget to allow the new port through the firewall; otherwise, you won't be able to access the server via the new port. While this doesn't completely prevent experienced attackers, it at least reduces the effectiveness of automated attack tools and increases the difficulty for hackers.
3. Disable Empty Password Logins
If there are any user accounts on the server with empty passwords, attackers can exploit this vulnerability to perform brute-force attacks and easily gain system access. Therefore, disabling login for empty password accounts is a simple yet essential security measure.
You only need to find the PermitEmptyPasswords option in the SSH configuration file and set it to no to prevent empty password accounts from logging in via SSH. This will prevent attackers from easily entering the system through accounts with no passwords.
4. Limit Login Attempts
The basic principle behind brute-force attacks is to keep trying passwords until successful. By default, SSH allows multiple password attempts, meaning attackers can repeatedly input passwords to try and break in. To avoid this, you can limit the maximum number of login attempts.
In the SSH configuration file, set MaxAuthTries to 3 or fewer. This way, if the maximum number of attempts is exceeded, SSH will automatically disconnect, preventing further brute-force attempts. This significantly reduces the chances of a hacker gaining access through brute-force methods.
5. Use SSH Key Authentication
Compared to traditional password authentication, SSH key authentication is much more secure. With key authentication, you don’t need to enter a password each time; instead, identity is verified through a key pair. Even if an attacker steals the server’s password, they cannot log in unless they have your private key.
To enable SSH key authentication, you first need to generate an SSH key pair on your local machine and upload the public key to the server. Then, edit the SSH configuration file and set PasswordAuthentication to no to disable password-based login, allowing only key-based authentication. This method greatly increases login security because keys are much harder to crack than passwords.
Conclusion
Enhancing SSH security is fundamental to protecting a Linux server. Measures like disabling root login, changing the default port, preventing empty password logins, limiting login attempts, and using SSH key authentication can significantly improve server security. While these settings are simple, they effectively prevent brute-force attacks, password guessing, and other attack methods, greatly reducing the risk of server compromise.
In addition to these basic SSH security configurations, regularly updating the system, configuring firewalls, and monitoring logs are also important steps to maintain server security. With a multi-layered defense, you can ensure the stability and security of your server.