blockisthenewchain.com
  • Home
  • Cybersecurity
    • All
    • Corporate Security
    • Data Security
    • System security
    • Web Security
    edge computing

    How important is Edge Computing Security?

    Enhance Smart Cybersecurity

    Three Cognitive Technologies to Enhance Smart Cybersecurity

    phishing_result

    An 11-fold increase in phishing attacks exploiting SaaS platforms

    phishing attacks exploiting saas

    A Simple Guide to Manually Renewing an SSL Certificate

    Protecting Your WordPress Site

    6 Tips for Protecting Your WordPress Site

    Secure SSH Server

    8 Ways to Secure SSH Server Connections on Linux

    Trending Tags

    • Vulnerability
    • IoT-Security
    • Metaverse
    • Application Security
    • Cloud-Security
  • Hacking stories
    • All
    • Apps Hacking stories
    • Exchange Hacking stories
    protect your smart home

    How to protect your Smart Home from hackers

    Hacking Anonymous

    6 ways the hacker group Anonymous is waging cyber-war against Russia

    Investment scammers

    Investment scammers target dating app users

    Axie-Infinity-AXS-Metaverse

    Hacking Story: How a fake job offer took down the world’s most popular crypto game?

    Trending Tags

    • Artificial-Intelligence
    • website security
    • Deep-Learning
    • Hacker-Attack-and-Defense
  • News
    • All
    • Business
    • Crypto News
    • Cybersecurity News
    • World News
    Vitalik-meta

    Meta’s metaverse is doomed, says Vitalik Buterin

    Tiner metaverse

    Tinder puts its metaverse and digital currency project on hold

    bernard arnault

    Bernard Arnault’s investment fund will invest 100 million euros in Web3

    invest in cybersecurity startup

    How can VCs invest in cybersecurity startups in challenging times?

    Venture-Capital-decline

    Cybersecurity Venture Capital Investments: Severe Decline in Q2 2022

    SaaS Security Certification

    A Comprehensive Guide to SaaS Security Certification

    Trending Tags

    • WEB3
    • DEFI
    • Crypto
    • Blockchain
    • Data Security
  • Blockchain
    • All
    • Cryptocurrency
    • Metaverse
    • NFT
    • Trends and DEFI
    • Web3
    blockchain API

    Excellent blockchain API for developers

    The next generation of blockchains

    The next generation of blockchains – cross-chain interoperability

    massa-autonomous-smart-contracts

    Can autonomous smart contracts be the future of blockchain technology?

    blockchain-Blockisthenewchain

    Blockchain Basics – What is Blockchain Technology

    metaverse-cloud

    How will the metaverse affect cloud security?

    What is MetaMask

    What is MetaMask? And is it safe to use?

  • Startups
  • Login
No Result
View All Result
  • Home
  • Cybersecurity
    • All
    • Corporate Security
    • Data Security
    • System security
    • Web Security
    edge computing

    How important is Edge Computing Security?

    Enhance Smart Cybersecurity

    Three Cognitive Technologies to Enhance Smart Cybersecurity

    phishing_result

    An 11-fold increase in phishing attacks exploiting SaaS platforms

    phishing attacks exploiting saas

    A Simple Guide to Manually Renewing an SSL Certificate

    Protecting Your WordPress Site

    6 Tips for Protecting Your WordPress Site

    Secure SSH Server

    8 Ways to Secure SSH Server Connections on Linux

    Trending Tags

    • Vulnerability
    • IoT-Security
    • Metaverse
    • Application Security
    • Cloud-Security
  • Hacking stories
    • All
    • Apps Hacking stories
    • Exchange Hacking stories
    protect your smart home

    How to protect your Smart Home from hackers

    Hacking Anonymous

    6 ways the hacker group Anonymous is waging cyber-war against Russia

    Investment scammers

    Investment scammers target dating app users

    Axie-Infinity-AXS-Metaverse

    Hacking Story: How a fake job offer took down the world’s most popular crypto game?

    Trending Tags

    • Artificial-Intelligence
    • website security
    • Deep-Learning
    • Hacker-Attack-and-Defense
  • News
    • All
    • Business
    • Crypto News
    • Cybersecurity News
    • World News
    Vitalik-meta

    Meta’s metaverse is doomed, says Vitalik Buterin

    Tiner metaverse

    Tinder puts its metaverse and digital currency project on hold

    bernard arnault

    Bernard Arnault’s investment fund will invest 100 million euros in Web3

    invest in cybersecurity startup

    How can VCs invest in cybersecurity startups in challenging times?

    Venture-Capital-decline

    Cybersecurity Venture Capital Investments: Severe Decline in Q2 2022

    SaaS Security Certification

    A Comprehensive Guide to SaaS Security Certification

    Trending Tags

    • WEB3
    • DEFI
    • Crypto
    • Blockchain
    • Data Security
  • Blockchain
    • All
    • Cryptocurrency
    • Metaverse
    • NFT
    • Trends and DEFI
    • Web3
    blockchain API

    Excellent blockchain API for developers

    The next generation of blockchains

    The next generation of blockchains – cross-chain interoperability

    massa-autonomous-smart-contracts

    Can autonomous smart contracts be the future of blockchain technology?

    blockchain-Blockisthenewchain

    Blockchain Basics – What is Blockchain Technology

    metaverse-cloud

    How will the metaverse affect cloud security?

    What is MetaMask

    What is MetaMask? And is it safe to use?

  • Startups
No Result
View All Result
blockisthenewchain.com
No Result
View All Result
Home Cybersecurity System security

8 Ways to Secure SSH Server Connections on Linux

As most servers run on Linux infrastructure, it's crucial to learn about Linux systems and server administration. Security is a sensitive issue since web servers contain most of the system's information.

BlockIsTheNewChain by BlockIsTheNewChain
September 4, 2022
in System security, Cybersecurity
427 4
0
Secure SSH Server
29
SHARES
1.4k
VIEWS
Share on TwitterShare on LinkedinShare on FacebookShare on Telegram

The SSH protocol is widely used to securely access Linux servers. Most users connect securely to the remote server using the default SSH connection. However, vulnerable default configurations can compromise security as well.

The root account of a server with open SSH access can be at risk. Especially if you are using a public IP address, it is much easier to crack the root password. Therefore, it is necessary to understand SSH security.

Here’s how to secure SSH server connections on Linux.

1. Disable root user login

To do this, first, disable SSH access for the root user and create a new user with root privileges. Closing server access for the root user is a defensive strategy that prevents attackers from achieving their goal of breaking into the system. For example, you can create a user named example root as follows: copy

useradd -m exampleroot
passwd exampleroot
usermod -aG sudo exampleroot

Here is a brief description of the above command:

  • useradd creates a new user, and the -m parameter creates a folder under the home directory of the user you created.
  • The passwd command is used to assign a password to a new user. Remember that the passwords you assign to users should be complex and difficult to guess.
  • usermod -aG sudo adds the newly created user to the administrators group.

After the user creation process, some changes need to be made to the sshd_config file. You can find this file at /etc/ssh/sshd_config. Open the file with any text editor and make the following changes: copy

# Authentication: 
#LoginGraceTime 2m 
PermitRootLogin no 
AllowUsers exampleroot
Secure SSH server

The PermitRootLogin line will prevent the root user from gaining remote access using SSH. Including exampleroot in the AllowUsers list grants the necessary permissions to the user.

Finally, restart the SSH service with the following command:copy

[email protected] /home/linuxmi/www.linuxmi.com                              
⚡ sudo systemctl restart ssh

If it fails and you get an error message, try the following commands. This may vary depending on the Linux distribution you are using.copy

[email protected] /home/linuxmi/www.linuxmi.com
 sudo systemctl restart sshd

2. Change the default port

The default SSH connection port is 22. Of course, all attackers know this, so the default port number needs to be changed to secure SSH. While attackers can easily find new port numbers with an Nmap scan, the goal here is to make the attacker’s job more difficult.

To change the port number, open /etc/ssh/sshd_config and make the following changes to the file:copy

Include /etc/ssh/sshd_config.d/*.conf
Port 22099
Secure-SSH-server-

After this step, restart the SSH service again with sudo systemctl restart ssh. Now you can access your server using the port you just defined. If you are using a firewall, you must also make the necessary rule changes here. When running the netstat -tlpn command, you can see that your SSH port number has changed.

3. Block access to users with blank passwords

There may be users on your system that you accidentally created without passwords. To prevent such users from accessing the server, you can set the value of the PermitEmptyPasswords line in the sshd_config file to no.copy

PermitEmptyPasswords no

4. Limit login/access attempts

By default, you can try entering your password as many times as you want to access the server. However, an attacker could exploit this vulnerability to brute force the server. By specifying the number of password attempts allowed, you can automatically terminate the SSH connection after a certain number of attempts.

To do this, change the MaxAuthTries value in the sshd_config file.copy

MaxAuthTries 3

5. Using SSH version 2

The second version of SSH was released because there were many vulnerabilities in the first version. You can enable the server to use the second version by default by adding the Protocol parameter to the sshd_config file. This way, all your future connections will use the second version of SSH.copy

Include /etc/ssh/sshd_config.d/*.conf 
Protocol 2
Secure-SSH-server-3

6. Disable TCP port forwarding and X11 forwarding

Attackers can try to access your other systems through port forwarding of SSH connections. To prevent this, you can turn off the AllowTcpForwarding and X11Forwarding features in the sshd_config file.copy

X11Forwarding no 
AllowTcpForwarding no

7. Connect using an SSH key

One of the safest ways to connect to a server is to use an SSH key. When using SSH keys, you can access the server without a password. Alternatively, you can turn off password access to the server entirely by changing password-related parameters in the sshd_config file.

When creating an SSH key, there are two keys: Public and Private. The public key will be uploaded to the server you are connecting to, while the private key will be stored on the computer you will be using to establish the connection.

Create an SSH key on your computer using the ssh-keygen command. Do not leave the passphrase field blank and remember the password you enter here. If you leave it blank, you will only be able to access it using the SSH key file. However, if you set a passphrase, you can prevent an attacker who has the key file from accessing it. For example, you can create an SSH key with the following command:copy

ssh-keygen

8. IP Restrictions for SSH Connections

Most of the time, firewalls block access using their own standard framework, designed to protect servers. However, this is not always enough and you need to increase this security potential.

To do this, open the /etc/hosts.allow file. With additions to this file, you can restrict SSH permissions, allow specific IP blocks, or enter a single IP and block all remaining IP addresses with the deny command.

Below you will see some sample settings. After doing this, restart the SSH service as usual to save the changes.

Secure-SSH-server-4
8 Ways to Secure SSH Server Connections on Linux 28

The Importance of Linux Server Security

All server administrators should consider data and data security issues. Server security is a very sensitive issue because the main focus of attacks are web servers, which contain almost all information about the system. Since most servers run on Linux infrastructure, it is important to be familiar with Linux systems and server administration.

SSH security is just one of the ways to protect your server. You can minimize the damage you take by stopping, blocking, or slowing your attacks. In addition to providing SSH security, you can implement many different methods to secure your Linux server.

Tags: Application SecurityData SecurityVulnerabilitywebsite security

Related Posts

edge computing
Corporate Security

How important is Edge Computing Security?

by BlockIsTheNewChain
October 12, 2022

Edge computing is revolutionizing the way business operates. This has sparked a massive uptake of edge computing products and services. Research predicts...

Read more
Enhance Smart Cybersecurity

Three Cognitive Technologies to Enhance Smart Cybersecurity

October 7, 2022
phishing_result

An 11-fold increase in phishing attacks exploiting SaaS platforms

September 4, 2022
phishing attacks exploiting saas

A Simple Guide to Manually Renewing an SSL Certificate

September 4, 2022
Protecting Your WordPress Site

6 Tips for Protecting Your WordPress Site

September 4, 2022

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

  • Vulnerability Scanning

    The most popular Web vulnerability scanning tools

    36 shares
    Share 14 Tweet 9
  • Excellent blockchain API for developers

    29 shares
    Share 12 Tweet 7
  • 6 ways the hacker group Anonymous is waging cyber-war against Russia

    31 shares
    Share 12 Tweet 8
  • Blockchain Basics – What is Blockchain Technology

    28 shares
    Share 11 Tweet 7
  • Can autonomous smart contracts be the future of blockchain technology?

    28 shares
    Share 11 Tweet 7

  • About
  • terms-and-conditions
  • Privacy & Policy
  • Contact

© 2022 Blockisthenewchain - The latest Blockchain, Cybersecurity News, and Startup Reviews by BLOCKisthenewCHAIN.

No Result
View All Result
  • Home
  • Cybersecurity
  • Hacking stories
  • News
  • Blockchain
  • Startups

© 2022 Blockisthenewchain - The latest Blockchain, Cybersecurity News, and Startup Reviews by BLOCKisthenewCHAIN.

Welcome Back!

Sign In with Facebook
Sign In with Google
OR

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.