
My technical corner about Linux, Perl, programming, computer networks and network security


Secure configuration of OpenSSH

OpenSSH is a service designed for remote management, so configuring it securely is mandatory. I show some useful tricks to make your OpenSSH safer. I describe options from the main configuration file of the OpenSSH service, which in most distributions is at /etc/ssh/sshd_config

 

1) Turn off the permission to log in to the root account directly (most Linux distributions have this option set to on). After this, you can reach the root account from a user account with the su command or the sudo command. Make sure that your system allows the specified users to use su. Sometimes it is required to add your user account to the wheel group.

PermitRootLogin no

 

2) Configure the OpenSSH service to use an alternate port instead of the default (22) to protect it from automated programs that attempt to guess a password.

Port 12312

 

3) Use a non-standard user name instead of your own name or something like admin, admins, operator, etc. There is no objection to a login that looks similar to a password (for example: jgnair134)

 

4) Use the AllowUsers directive to specify the only users who can log in over the SSH protocol

AllowUsers jgnair134

 

5) Use public key based authentication instead of PasswordAuthentication; however, you must be vigilant to avoid losing your private key.

PasswordAuthentication no
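
As an added example (not code from the original post), this Python script audits sshd_config text against the options listed above, taking into account that sshd keeps the first value it reads for a keyword and that keywords are case-insensitive. It assumes upstream OpenSSH defaults for absent keywords; the function names and the sample configuration are constructed for illustration.

```python
import re

# Upstream OpenSSH defaults, assumed unpatched by the distribution.
SCALAR_DEFAULTS = {"permitrootlogin": "prohibit-password",
                   "passwordauthentication": "yes"}

def parse_global(text):
    """Parse the global section; Include and ListenAddress host:port are not handled."""
    cfg = {"port": [], "allowusers": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()              # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                  # conditional blocks start here
            break
        if key in ("port", "allowusers"):   # these may repeat and accumulate
            cfg[key].extend(value.split())
        elif key not in cfg:                # first value wins for the rest
            cfg[key] = value.lower()
    for key, default in SCALAR_DEFAULTS.items():
        cfg.setdefault(key, default)
    return cfg

def audit(text):
    """Return findings for the settings recommended in the list above."""
    cfg, findings = parse_global(text), []
    if cfg["permitrootlogin"] != "no":
        findings.append("PermitRootLogin is '%s', expected 'no'" % cfg["permitrootlogin"])
    if not cfg["port"] or "22" in cfg["port"]:
        findings.append("sshd listens on the default port 22")
    if not cfg["allowusers"]:
        findings.append("no AllowUsers list is set")
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is enabled")
    return findings

# Constructed sample: sshd ignores the second PermitRootLogin line.
SAMPLE = """\
Port 12312
permitrootlogin yes
PermitRootLogin no
AllowUsers jgnair134
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The sample yields two findings: root login is still permitted because the earlier `permitrootlogin yes` line takes effect, and password authentication falls back to its default of enabled.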
