How To: Increase Security for SSH in Linux

These tweaks will provide some increased security for the SSH service running on your Linux system by obscuring the port to connect through and limiting the number of attempts to login. Nothing is 100% secure or bulletproof but this will help protect against attackers guessing their way to accessing your Linux system.

These methods have been used on Ubuntu Server Linux. Your Linux distro may vary.

Change the Default SSH Port

Open the /etc/ssh/sshd_config file and locate:


#Port 22


						

Uncomment the line by removing the leading # character:


Port 22


						

Configure the port to be used:


Port ***


						
ℹ️ Replace *** with the port number you would like to use (between 0 to 65536).

Restart the SSH server:


sudo systemctl restart sshd


						

Make sure you use the newly configured port when trying to connect to your system via SSH!

For more information see: https://www.ubuntu18.com/ubuntu-change-ssh-port/

Restrict SSH Login Attempts

Prerequisites

Before proceeding you will need to have installed fail2ban

To install this on Ubuntu Server Linux, run:


sudo apt install fail2ban


						

Configuration

Copy the initial config file. Run:


sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local


						

Open the new config file.

Set:

  • bantime to the amount of time to ban login attempts (e.g. 10m for 10 minutes)
  • maxretry to the amount of attempts to login before banning (e.g. 5)
  • Locate the [sshd] section
    • Locate #mode = normal
      • Uncomment the line by removing the leading # character: mode = normal
    • Locate port = ssh
      • Change ssh to the port number configured in the previous section

To enable fail2ban, run:


sudo systemctl enable fail2ban


						

Controls

To start fail2ban manually, run:


sudo systemctl start fail2ban


						

To check the status of fail2ban, run:


sudo systemctl status fail2ban


						

Tested on Ubuntu Server Linux 22.04.1