Securing SSH on Linux Servers – The Real First Line of Defense

When attackers target a Linux server, they don’t start with zero-days—they start with SSH. Weak passwords, default ports, and outdated configurations make brute-force attempts almost trivial for bots scanning the internet 24/7.

The good news: tightening SSH security takes minutes and drastically reduces risk. Here’s what should be standard on every production server:

1. Disable Password Authentication

If passwords are allowed, someone will eventually guess one. Make sure you have your keys in order before disabling password authentication.

Edit /etc/ssh/sshd_config:

PasswordAuthentication no
ChallengeResponseAuthentication no

Restart SSH:

systemctl restart sshd

Now only SSH keys work—brute-force attempts instantly become worthless.

2. Move SSH to a Non-Standard Port

No, this isn’t “security through obscurity.” It’s lowering noise.
Bots hammer port 22 nonstop; moving to another port cuts junk traffic by 90–95%.

In sshd_config:

Port 2222

Always test with a second connection before closing your original session.

3. Limit SSH to Specific Users

If only two people need SSH access, there’s no reason anyone else should even try.

AllowUsers ike admin backupuser

4. Reduce Attack Surface With Fail2ban

Fail2ban blocks aggressive IPs after repeated failed logins. Some servers already have a firewall set up on them. Make sure your current setup won’t conflict with fail2ban before deploying it.

yum install fail2ban
systemctl enable --now fail2ban

5. Disable Root SSH Login

If attackers don’t know the username, they can’t brute force it. Disable root login and log in as an alternate user. If you need root access, you can grant that user sudo access.

PermitRootLogin no

6. Use 2FA for SSH (Yes, It’s Worth It)

Tools like Google Authenticator or Duo make SSH compromise nearly impossible.
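
An added example, not part of the original post: a shell function that checks the sshd_config settings from steps 1, 2, 3 and 5. sshd uses the first value it reads for a keyword, so a line appended at the bottom of the file can be silently ignored; the first sample shows that case. The function and sample names (audit_sshd, sample_shadowed, sample_hardened) and the sample configs are constructed for illustration, and whitespace-separated "Keyword value" lines are assumed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the sshd settings from
# steps 1, 2, 3 and 5. Input is sshd_config-style text on stdin.
audit_sshd() {
  awk '
    /^[ \t]*(#|$)/ { next }                     # skip comments and blanks
    { key = tolower($1); arg = tolower($2) }    # keywords are case-insensitive
    key == "match" { exit }                     # audit the global section only
    key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }  # older alias
    key == "port" { ports = ports " " arg; next }  # Port may appear repeatedly
    !(key in val) { val[key] = arg }            # sshd keeps the FIRST value read
    END {
      if (ports == "") ports = " 22"            # sshd default port
      check("passwordauthentication", "no")
      check("kbdinteractiveauthentication", "no")
      check("permitrootlogin", "no")
      report("allowusers", ("allowusers" in val), "set")
      report("port", (ports !~ / 22( |$)/), "not 22")
      exit (fails > 0)
    }
    function check(k, want) { report(k, (val[k] == want), want) }
    function report(k, ok, want) {
      if (!ok) fails++
      printf "%s %s (want: %s)\n", (ok ? "PASS" : "FAIL"), k, want
    }
  '
}

# Constructed sample: an earlier "yes" (for instance from a drop-in file read
# first) wins, so the "no" appended further down has no effect.
sample_shadowed() {
  cat <<'EOF'
PasswordAuthentication yes
Port 2222
PermitRootLogin no
AllowUsers ike admin backupuser
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
}

# Constructed sample: steps 1, 2, 3 and 5 all applied.
sample_hardened() {
  printf '%s\n' 'Port 2222' 'PasswordAuthentication no' \
    'KbdInteractiveAuthentication no' 'PermitRootLogin no' \
    'AllowUsers ike admin backupuser'
}

sample_shadowed | audit_sshd || echo "fix FAIL lines before restarting sshd"
```

On a live server, validate the file with `sshd -t` and pipe the output of `sshd -T` into audit_sshd before restarting, since `sshd -T` prints the effective configuration with Include files and defaults resolved.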
