Securing SSH on your Linux Dedicated Server

This article shows how to secure SSH on your Linux dedicated server.

Secure SSH using Public Key Authentication

Public key authentication is a more secure way of authenticating to your server over SSH, and if all password-based authentication methods are disabled, it can prevent brute-force SSH attacks.

Generating a Key

First, we need to generate a key that will be used to access your server. In a Linux environment this utility is normally built in; Windows users can download this tool for generating keys. In Linux you can run the following commands from your bash prompt.

    client$ mkdir -p ~/.ssh
    client$ chmod 700 ~/.ssh
    client$ ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
    Enter passphrase (empty for no passphrase):

Do not reuse your account password, and do not leave the passphrase empty. The passphrase should also be at least 8 characters long.

Distributing a Key

The public portion of the RSA key pair must be copied to your server and appended to ~/.ssh/authorized_keys to enable access. If you are running Linux, the public key to be copied is located in the ~/.ssh/id_rsa.pub file on your PC. To copy the public key to your server and install it, run:

    client$ scp ~/.ssh/id_rsa.pub username@server.example.org:

    server$ mkdir -p ~/.ssh
    server$ chmod 700 ~/.ssh
    server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
    server$ chmod 600 ~/.ssh/authorized_keys
    server$ rm ~/id_rsa.pub

Disabling Password Authentication

Once you have loaded your key onto the server and tested that you are able to log in using the key, you can edit the SSH configuration on the server to disable standard password authentication. As root, edit the file /etc/ssh/sshd_config on your server. Ensure the following lines exist and are set as follows:

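    # RSAAuthentication applies to SSH protocol 1 only; OpenSSH 7.4 and later
    # treat it as deprecated and ignore it with a warning.
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys

    PasswordAuthentication no
    ChallengeResponseAuthentication no
    UsePAM no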

Save the file and restart sshd:

    /etc/init.d/sshd restart

Your server is now protected against brute-force password attacks over SSH.
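The script below is an added example, not part of the original article: it checks that an edited sshd_config really enforces the settings above, since sshd uses the first value it finds for each keyword and a commented-out or duplicated line can leave passwords enabled. It reads only the global section of a single file (everything before the first Match block, no Include handling). The sample configurations are constructed, and the KbdInteractiveAuthentication alias (the newer OpenSSH name for ChallengeResponseAuthentication) is an addition not found on this page.

```shell
#!/bin/sh
# effective_value FILE KEYWORDS DEFAULT
# Print the value sshd uses for a keyword: its first uncommented occurrence in
# the global section (before any Match block), else DEFAULT. KEYWORDS is a
# "|"-separated list of aliases; sshd keywords are case-insensitive.
effective_value() {
    awk -v keys="$2" -v def="$3" '
        BEGIN { pat = "^(" tolower(keys) ")$" }
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        tolower($1) == "match" { exit }      # conditional blocks are not audited
        tolower($1) ~ pat { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: return 0 only if key-based login is the sole method.
audit_sshd_config() {
    file=$1; rc=0
    # keyword(s):required value:default when absent (OpenSSH defaults, assumed)
    for spec in "PubkeyAuthentication:yes:yes" \
                "PasswordAuthentication:no:yes" \
                "ChallengeResponseAuthentication|KbdInteractiveAuthentication:no:yes"; do
        keys=${spec%%:*}; rest=${spec#*:}
        want=${rest%%:*}; def=${rest#*:}
        got=$(effective_value "$file" "$keys" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok   $keys = $got"
        else
            echo "FAIL $keys = $got (need $want)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (not from the article): a commented-out setting,
# a duplicated keyword where the first value wins, and a hardened file.
demo=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' > "$demo/commented"
printf '%s\n' 'PasswordAuthentication yes' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$demo/duplicate"
printf '%s\n' 'PubkeyAuthentication yes' 'passwordauthentication no' \
    'ChallengeResponseAuthentication no' 'UsePAM no' > "$demo/hardened"
for f in commented duplicate hardened; do
    echo "== $f"
    audit_sshd_config "$demo/$f" || echo "   password-style logins still enabled"
done
rm -rf "$demo"
```

Running `sshd -t` as root before the restart also catches syntax errors in the edited file.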

Updated on March 6, 2023
