Securing SSH

If you are using SSH, you’ll want to run down this checklist of to make that ssh server a bit more secure. If any of these settings is absent from the configuration file, you should add them.

For Ubuntu this is in the file

/etc/ssh/sshd_config

Change Port

This is more of a security through obscurity approach, but it’ll help slow down bot scrapers.

Change this value to something else.

Port 22

Set Client Timeout

ClientAliveInterval configures the server to send null packets to clients each 10 seconds.
ClientAliveCountMax configures the server to close the connection if the client has been inactive for 300 seconds.

In this case that is 10*300 = 3000 seconds or 50 minutes.

ClientAliveInterval 10
ClientAliveCountMax 300

Disable empty passwords

PermitEmptyPasswords no

Limit Login Attempts

MaxAuthTries 3

Use Protocol SSH 2 only

Protocol 2

Disable root login

PermitRootLogin no

In conclusion…

There are always lots of ways to accomplish similar tasks. If you have additional ideas or I missed anything, please post in the comments below.