SSH Hardening
Securing SSH is the most critical step in protecting your server from unauthorized access.
01 Generate SSH Key
On your local machine, generate a secure Ed25519 key pair.
Local Terminal
ssh-keygen -t ed25519 -C "[email protected]"
02 Copy Public Key
Transfer your public key to the server using ssh-copy-id.
Local Terminal
ssh-copy-id new_user@YOUR_SERVER_IP
03 Configure SSH Daemon
Edit the SSH configuration file on your server.
Server Terminal
sudo nano /etc/ssh/sshd_config
Apply the following critical security settings:
/etc/ssh/sshd_config
# Change default port (security through obscurity)
Port 2222
# Disable root login
PermitRootLogin no
# Disable password authentication
PasswordAuthentication no
# Enable public key authentication
PubkeyAuthentication yes
# Disable X11 forwarding
X11Forwarding no
# Limit authentication attempts
MaxAuthTries 3
04 Apply & Secure
Restart the SSH service and set strict permissions on your .ssh directory.
Server Terminal
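# Restart SSH service (the unit is "ssh" on Debian/Ubuntu, "sshd" on RHEL-family systems)
# Keep your current session open until a new login on the new port succeeds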
sudo systemctl restart ssh
# Set secure permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R new_user:new_user ~/.ssh
NOTE: You must now connect using the new port: ssh -p 2222 user@ip
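
To confirm that the settings from step 03 are the ones sshd will actually use, the following added example (not part of the original guide) audits a configuration file against them. The function names and the sample file are assumptions made for illustration; the expected values are the ones listed above.

```shell
#!/bin/sh
# Added example (not from the original page): audit sshd settings against this guide.
# sshd uses the FIRST value it reads for each keyword, and keywords are case-insensitive,
# so an earlier line (for example from an included drop-in file) silently wins.

# effective_value FILE KEYWORD: print the first global value for KEYWORD, lowercased.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }            # settings after Match are conditional
        key == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: print one line per deviation; exit status = number of deviations.
audit_sshd_config() {
    file=$1; failures=0
    while read -r keyword expected; do
        actual=$(effective_value "$file" "$keyword")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $keyword: expected '$expected', found '${actual:-<unset>}'"
            failures=$((failures + 1))
        fi
    done <<EOF
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
X11Forwarding no
MaxAuthTries 3
EOF
    return "$failures"
}

# Constructed sample input: the hardened block from this page, preceded by a stray line.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PasswordAuthentication yes' 'Port 2222' \
    'PermitRootLogin no' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
    'X11Forwarding no' 'MaxAuthTries 3' > "$sample"
audit_sshd_config "$sample" || echo "$? setting(s) differ from the guide"
rm -f "$sample"
```

On a live server, save the output of `sudo sshd -T` to a file and audit that instead of the raw file, since it reflects Include files and built-in defaults. `sudo sshd -t` checks the syntax before you restart the service.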