How To: Increase Security for SSH in Linux
These tweaks will provide some increased security for the SSH service running on your Linux system by obscuring the port to connect through and limiting the number of attempts to login. Nothing is 100% secure or bulletproof but this will help protect against attackers guessing their way to accessing your Linux system.
These methods have been used on Ubuntu Server Linux. Your Linux distro may vary.
Change the Default SSH Port
Open the
/etc/ssh/sshd_config
file and locate:
#Port 22
Uncomment the line by removing the leading # character:
Port 22
Configure the port to be used:
Port ***
***
with the port number you would like to use (between 0 to 65536).
Restart the SSH server:
sudo systemctl restart sshd
Make sure you use the newly configured port when trying to connect to your system via SSH!
For more information see: https://www.ubuntu18.com/ubuntu-change-ssh-port/
Restrict SSH Login Attempts
Prerequisites
Before proceeding you will need to have installed
fail2ban
To install this on Ubuntu Server Linux, run:
sudo apt install fail2ban
Configuration
Copy the initial config file. Run:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Open the new config file.
Set:
-
bantime
to the amount of time to ban login attempts (e.g.10m
for 10 minutes) -
maxretry
to the amount of attempts to login before banning (e.g.5
) -
Locate the
[sshd]
section-
Locate
#mode = normal
-
Uncomment the line by removing the leading # character:
mode = normal
-
Uncomment the line by removing the leading # character:
-
Locate
port = ssh
-
Change
ssh
to the port number configured in the previous section
-
Change
-
Locate
To enable fail2ban, run:
sudo systemctl enable fail2ban
Controls
To start
fail2ban
manually, run:
sudo systemctl start fail2ban
To check the status of
fail2ban
, run:
sudo systemctl status fail2ban
Tested on Ubuntu Server Linux 22.04.1