Penguin-KarChunTKarChunT

Server Configuration

Understand server configuration.

Disable password authentication

If you have set up your SSH keys, my advice is to disable password authentication, since key-based (passwordless) login is more secure than password login. Confirm that key-based login works before you do, or you can lock yourself out.

  1. On your remote server, open /etc/ssh/sshd_config in an editor.

    sudo nano /etc/ssh/sshd_config
  2. Find the PasswordAuthentication line and set it to "no".

    PasswordAuthentication no
  3. Restart the SSH service

    sudo service ssh restart

Change the port the SSH daemon listens on

By default, the SSH daemon listens on port 22. You can change it.

  1. On your remote server, open /etc/ssh/sshd_config in an editor.

    sudo nano /etc/ssh/sshd_config
  2. Find the Port line and set it to the port you need.

    #Port 22
    Port 1234
  3. Restart the SSH service

    sudo service ssh restart

Limit which users can log in

  1. On your remote server, open /etc/ssh/sshd_config in an editor.

    sudo nano /etc/ssh/sshd_config
  2. Search for AllowUsers or AllowGroups; if neither is found, add it anywhere in the file. Either one is fine, or you can use both. When both are set, a user must match both to log in.

    AllowUsers user1 user2 user3
    AllowGroups groupname
  3. Restart the SSH service

    sudo service ssh restart

Disable root login

It is good practice to disable root login.

  1. On your remote server, open /etc/ssh/sshd_config in an editor.

    sudo nano /etc/ssh/sshd_config
  2. Find the PermitRootLogin line and set it to "no".

    PermitRootLogin no
  3. Restart the SSH service

    sudo service ssh restart
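
To check the result of the four procedures above without reading the file by eye, the following added example (not part of the original page) audits an sshd_config for these settings. The function names sshd_value and audit_sshd and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit an sshd_config.

# Print the value sshd would use for KEYWORD in the global section of FILE.
# For single-valued keywords sshd keeps the FIRST occurrence; keywords are
# case-insensitive; lines after "Match" are conditional, so parsing stops.
# Limitations: Include files are not followed, "Keyword=value" is not parsed.
sshd_value() {
    awk -v key="$1" '
        $1 ~ /^#/ || NF == 0   { next }   # comment or blank line
        tolower($1) == "match" { exit }   # end of the global section
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$2"
}

# Count settings in FILE that differ from what this page recommends.
# An unset keyword counts too, because the built-in default is not "no".
audit_sshd() {
    findings=0
    for key in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_value "$key" "$1")
        case $val in
            [Nn][Oo]) ;;
            *) echo "WEAK: $key is '${val:-unset}', expected 'no'"
               findings=$((findings + 1)) ;;
        esac
    done
    if [ -z "$(sshd_value AllowUsers "$1")$(sshd_value AllowGroups "$1")" ]; then
        echo "WEAK: neither AllowUsers nor AllowGroups is set globally"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the first PermitRootLogin wins, so the later "no" is dead,
# and the AllowUsers line only applies inside the Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 1234
PasswordAuthentication no
PermitRootLogin yes
PermitRootLogin no
Match User backup
    AllowUsers backup
EOF
echo "Port: $(sshd_value Port "$sample")"
audit_sshd "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the server itself, `sudo sshd -t` checks the edited file for syntax errors before you restart the service, and `sudo sshd -T` prints the fully resolved configuration, including Include files.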
