5 Linux SSH Security Best Practices to Secure Your Systems

Secure Shell (SSH) is a popular network protocol used to remotely access and manage Linux-based systems. As an administrator, you should take appropriate measures to ensure security of your systems, data, and users. In this article, we will discuss five essential Linux SSH security best practices to secure your systems.

Use Strong Authentication Methods

Authentication is the process of verifying the identity of a user or system. By default, SSH uses a combination of username and password for authentication. However, this method is susceptible to brute force attacks and can be easily compromised if the password is weak or reused across multiple systems.

To enhance the security of your SSH authentication, you should consider using stronger methods such as public key authentication. Public key authentication uses a pair of keys ? a private key and a public key. The private key is kept secret and is used to generate a digital signature, while the public key is shared with the SSH server to verify the signature.

To use public key authentication, you need to generate a key pair on your local system and then copy the public key to the remote system's authorized_keys file. Once configured, you can log in to the remote system without entering a password.

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
ssh-copy-id user@remote_server

Disable Root Login

The root user is the most powerful account on a Linux system and has complete control over the system. By default, SSH allows root login, which makes it an easy target for hackers to gain access to your system. Hence, it's recommended to disable root login and use a regular user account to access the system.

To disable root login, you need to edit the SSH configuration file (/etc/ssh/sshd_config) and set the value of PermitRootLogin to "no". This will prevent anyone from logging in as the root user over SSH.

sudo nano /etc/ssh/sshd_config
# Set: PermitRootLogin no
sudo systemctl restart sshd

Configure SSH Security Options

SSH provides several security options that you can configure to enhance the security of your server. These critical configurations should be implemented in the /etc/ssh/sshd_config file:

• Change the default SSH port ? Move from port 22 to a non-standard port to reduce automated attacks

• Disable SSH protocol version 1 ? Use only the more secure version 2

• Set maximum login attempts ? Limit failed authentication attempts

• Configure connection timeouts ? Automatically disconnect idle sessions

• Restrict SSH access ? Allow only specific users or groups

# Example SSH hardening configuration
Port 2222
Protocol 2
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
AllowUsers username1 username2

Use Firewall to Limit Access

A firewall is a network security tool used to control incoming and outgoing traffic based on predefined rules. A properly configured firewall can prevent unauthorized access to your SSH server and protect your system from malicious attacks.

You can use a firewall to limit access to your SSH server by allowing only trusted IP addresses to connect. For example, you can allow access only from your organization's IP address range or from a specific VPN connection.

# UFW examples
sudo ufw allow from 192.168.1.0/24 to any port 22
sudo ufw deny 22
sudo ufw enable

# iptables example
sudo iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP

Monitor SSH Logs and Use Security Tools

SSH logs contain information about SSH connections, including login attempts, successful logins, and failed logins. Monitoring SSH logs can help you detect and prevent unauthorized access to your system and identify suspicious activities.

You should also implement SSH hardening tools such as Fail2ban, which automatically blocks IP addresses that attempt to brute-force your SSH server or engage in suspicious activity.

# View SSH logs
sudo tail -f /var/log/auth.log

# Install and configure Fail2ban
sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Additional Security Measures

User Access Control Best Practices

Limiting user access is an essential step in securing your Linux SSH server. You should only grant access to users who require it and remove access once it's no longer needed. This reduces the attack surface and prevents unauthorized access to your system.

• Create user accounts with specific permissions and roles

• Use sudo for administrative tasks instead of root access

• Implement the principle of least privilege

• Regularly audit user access and remove unused accounts

Conclusion

SSH security requires a multi-layered approach combining strong authentication, proper configuration, network controls, and continuous monitoring. Implementing these five core practices ? strong authentication methods, disabled root login, proper security configurations, firewall restrictions, and active monitoring ? will significantly enhance your system's security posture. Remember that security is an ongoing process that requires regular updates, monitoring, and user education to remain effective against evolving threats.