SSH Security Tips: Part 1

Any service or software that allows remote users to connect to your server is a potential security risk. Despite its name SSH (Secure Shell) is no exception. Nevertheless, when configured correctly, SSH is the safest ways to connect to your server and one that you will unquestionably need if your server is remote (and most likely even if it is local).

Good SSH security practices are of two kinds: those that are common to all networking situations, and those specific to SSH. The first kind includes basic IT security procedures that you should practice for every computer or online system. You should have a secure password that is difficult to guess, avoid using public computers and not save passwords if you have to use them, and many other routine security procedures.

The second kind of security practice takes a little more time, but with some work, your SSH server can be a safe haven.

1. Use protocol 2. SSH protocol 1 is older and is generally less secure. You can disable it in your ssh configuration. Edit /etc/ssh/ssh_config and make sure you have the following line:

Protocol 2

2. Allow or deny specific users. You may have many users on your server, but not all of them will need SSH. Rather than leaving it open for everyone, you can allow or deny specific users. In the config file, add these lines:

AllowUsers root reggie olivia

Then, to deny marcus, samuel, and john, add this line:

DenyUsers jake rene xander

In part two, we will cover more security tips to help you make your SSH server secure.