Introduction
SSH is an important tool as a system administrator. It allows for remote connection to your machine through a client, and the ability to control your machine from wherever you are.
However, malicious attackers are able to do a brute force attack on your machine via SSH. Therefore, this tutorial will not only setup your ssh server, it will strengthen the server to help against unwanted brute force attacks.
This tutorial will setup SSH on your machine on port 2222, instead of the default port 22; Disables remote root login, and also password authentication. You will be able to connect to your machine via ssh keypairs for added security, instead of entering your password.
You will need 2 machines to use keypair authentication
Installation
Install openssh and ufw with your package manager on both your local and remote machines
|
|
Start and enable ssh service
|
|
Key generation
Use Command
|
|
Follow the prompt to generate a key, copy key to remote machines
REST of the configurations below are done in the remote machine
SSH Configurations
On the remote machine, edit sshd_config file
|
|
Add the following configurations
|
|
Restart sshd service
sudo systemctl restart sshd
Note sshd_config file location may vary with different distros
Config explanation and notes
- Port - Specify Port number to your liking
- PermitRootLogin - Self Explanatory
- Allow Users - Self Explanatory
- Password Authentication - Disable Password authentication to use key
- Remember to ssh-copy-id to machine before adding this
Enable ufw firewall service to start on boot
sudo systemctl start ufw
sudo systemctl enable ufw
Firewall
Allow ssh port on the firewall, I am using non-default ports for ssh
sudo ufw limit 2222/tcp comment 'SSH Port 2222 limit'
Connection
On your machine, connect to the remote machine with:
ssh -p 2222 <username>@<Remote IP Address>
