Comments on: How to Secure SSH Login on Your Linux Server

By: Shane

Shane — Tue, 10 Dec 2013 12:05:46 +0000

In the testing of your new credentials section. You don’t need to log out nad log in.

I start a new Putty session and go that way. That means if I have made a mistake I am still logged in via the original putty shell and can hopefully correct it.

One other tip to add to your awesome step by step.:
change IP tables to stop brute force attacking:
after three missed attempts in a minute locks it out for a minute. trusted address is white-listed from this check. change port 22 to the new port you have used.

iptables -N SSH_WHITELIST

iptables -A SSH_WHITELIST -s -m recent –remove –name SSH -j ACCEPT

iptables -A INPUT -p tcp –dport 22 -m state –state NEW -m recent –set \
–name SSH
iptables -A INPUT -p tcp –dport 22 -m state –state NEW -j SSH_WHITELIST
iptables -A INPUT -p tcp –dport 22 -m state –state NEW -m recent –update \
–seconds 60 –hitcount 4 –rttl –name SSH -j ULOG –ulog-prefix SSH_brute_force
iptables -A INPUT -p tcp –dport 22 -m state –state NEW -m recent –update \
–seconds 60 –hitcount 4 –rttl –name SSH -j DROP

Alternatively fail2ban is meant to do the above but be excellent.

By: graham

graham — Fri, 30 Aug 2013 08:48:31 +0000

Also check this url:
http://www.itsecuritycenter.com/linux-security-secure-ssh-configuration.html

By: Dimas

Dimas — Thu, 25 Jul 2013 18:10:51 +0000

1) I am not sure .. give it a try and report back if it does indeed work

2) yes you can comment out the key or delete it completely

By: Jan

Jan — Thu, 25 Jul 2013 10:12:33 +0000

Hi,
thanks for tutorial – just two questions:
1) Is it possible to use both at the same time – password and authentication using public key?
does it suffice to keep this one to yes?
PasswordAuthentication yes

2) How to disable a previously added public key? Is all I need to do just this:
# user: davidrussell
#ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEApwFQWa9G0FX7M+uSi8ipny0+C14lPFZtdFLj2rT5FNbUcat6BNswFt4Ys97celZ1HiuMGjyAIPDO1B290SSXGOWV/hwhNlMG080yjXbj0BC/5qNim9eDXJHqq0knFbIsHvcOZ9SepVp9q6SuqXuSQ6AXmMed3ZRm2ig7DiqDHVM=

# – basically simply commenting out one of the keys and doing restart of the ssh server? Or is there any other action required? Thanks!

By: driver

driver — Fri, 15 Mar 2013 15:38:43 +0000

Amazing tip!! Thanks a lot for sharing the step-by-step tutorial 🙂
(had to use service sshd restart instead)

By: dave

dave — Sat, 01 Dec 2012 13:03:11 +0000

Thanks for great tutorial.
To restart sshd do ‘service sshd restart’ works but i am sitting on a RH distro i dont know about ubuntu

By: hrs

hrs — Tue, 27 Nov 2012 09:38:53 +0000

I would like to recommend to use Two Factor SSH with Google Authenticator (http://digitaljournal.sg/wp/?p=146)
to tighten up the sshd security

By: Simon

Simon — Mon, 23 Jul 2012 13:21:31 +0000

The ssh restart line is incorrect. It is the daemon that needs restarting, so…
/etc/init.d/sshd restart

By: Dimas

Dimas — Tue, 01 Feb 2011 21:15:13 +0000

@mac geek, thanks for the tip, I’ve started using your suggestion and have also added it to the tutorial.

By: mac geek

mac geek — Wed, 17 Nov 2010 18:19:44 +0000

hey this is great! one other thing i like to do is to move the sshd service from port 22 to something non standard. this helps to keep the automated bot hacks to a minimun or nil, and provides one more line of defense. : )

adjust the port at the top of the same sshd_config file, then restart the service.