Skip to content

Server Configuration

Disable password authentication

If you have set up your SSH keys, then my advice is to disable password authentication, as passwordless is more secure than password authentication.

  1. Go to your remote server, find, and edit /etc/ssh/sshd_config.

    bash
    sudo nano /etc/ssh/sshd_config
  2. Search for PasswordAuthentication text and set it to "no".

    txt
    PasswordAuthentication no
  3. Restart the SSH service

    bash
    sudo service ssh restart

Change SSH Daemon runs/listens on port

By default, SSH Daemon runs/listens on port 22. You can change it as well.

  1. Go to your remote server, find, and open /etc/ssh/sshd_config.

    bash
    sudo nano /etc/ssh/sshd_config
  2. Search for Port text and edit it based on your needs

    txt
    #Port 22
    Port 1234
  3. Restart the SSH service

    bash
    sudo service ssh restart

Limit authenticate users to login

  1. Go to your remote server, find, and open /etc/ssh/sshd_config.

    bash
    sudo nano /etc/ssh/sshd_config
  2. Search for AllowUsers or AllowGroups, if not found, then create it anywhere. Either one should be fine, or you want to implement both too.

    txt
    AllowUsers user1 user2 user3
    AllowGroups groupname
  3. Restart the SSH service

    bash
    sudo service ssh restart

Disable root login

It is a good practice to disable root login

  1. Go to your remote server, find, and open /etc/ssh/sshd_config.

    bash
    sudo nano /etc/ssh/sshd_config
  2. Search for PermitRootLogin text and set it to "no".

    txt
    PermitRootLogin no
  3. Restart the SSH service

    bash
    sudo service ssh restart