How to configure secure SSH on Linux: steps you should not ignore

This post is part 1 of 2 in the Linux Server Security series

As soon as you create your VPS, you need to take some security measures for the SSH protocol. 

In this article, I will guide you through some secure SSH methods.

Note: When making the changes below, keep your current session open. Open a new session to test that everything works. If there is an error, you can still use the old session to revert the change.

1. Change SSH Port

By default, you connect SSH to the server using port 22. This is the port everyone knows, so you need to change the port right away.

Connect SSH to the server with the root account using MobaXTerm.

Then open the file /etc/ssh/sshd_config with Moba Editor. Find the line #Port 22, uncomment it, and set the port you want. The port number must be less than or equal to 4 digits. The port you choose must not conflict with ports used by other services.

For example, change it as follows:

Port 1304

After changing, run the following command to reload the configuration file: 

service sshd restart

2. SSH connection with SSH Key

Next, you should not connect over SSH with password authentication. Instead, connect using an SSH key as in this tutorial.

3. Do not log in with the root account

Using a root account is not very secure.

You should create another user instead. When you need to switch to the root account, use the command su - , or add sudo before the command that needs root authority.

First, create a new user with the following command (replace example_user with your user name):

CentOS:

useradd example_user && passwd example_user

Then add the new user to the group wheel. This is the group that has permission to run the sudo command: 

usermod -aG wheel example_user

Check the file /etc/sudoers and uncomment this line:

#%wheel ALL=(ALL) ALL

Ubuntu: 

adduser example_user

You will be asked for the password for the user you added with the above command. 

Then add the user to the sudo group with the following command:

adduser example_user sudo

Next, disable SSH login for the root account.

Open the file /etc/ssh/sshd_config and change #PermitRootLogin yes to PermitRootLogin no.

Then add the following line at the end of the file. 

AllowUsers example_user

This allows SSH connections only for the user you just created.

Reload the ssh configuration file with the following command: 

service sshd restart

Do not close the current connection. Now open a new connection tab in MobaXTerm, using the connection information of the user you just created.

After the connection succeeds, try the sudo command to see whether it works. One way to check is to restart sshd itself. This command must be run as root, so if you are logged in as a non-root user, you need to elevate permissions with sudo as follows:

sudo service sshd restart
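
To confirm that the values from steps 1 and 3 are the ones sshd actually reads (an edited line that is still commented out changes nothing), the script below is an added example, not part of the original article. The function names sshd_values and audit_sshd and the sample config are constructed for illustration; it assumes a config with no Include files and reads only the global section.

```shell
#!/bin/sh
# Added example: checks an sshd_config for the settings changed in this article.

# Print every global value of keyword $2 in file $1, one per line. Keywords are
# case-insensitive; '#' lines are comments. Simplification: stops at the first
# Match block and does not follow Include files.
sshd_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Print one PASS/FAIL line per check; return the number of failed checks.
# Port and AllowUsers lines accumulate; PermitRootLogin takes its first occurrence.
audit_sshd() {
    fails=0
    ports=$(sshd_values "$1" Port | tr '\n' ' ')
    root=$(sshd_values "$1" PermitRootLogin | head -n 1 | tr 'A-Z' 'a-z')
    users=$(sshd_values "$1" AllowUsers | tr '\n' ' ')

    case " ${ports:-22} " in   # no Port line means the default, 22
        *" 22 "*) echo "FAIL sshd still listens on port 22"; fails=$((fails + 1)) ;;
        *)        echo "PASS Port $ports" ;;
    esac
    if [ "$root" = no ]; then echo "PASS PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${root:-unset}'"; fails=$((fails + 1)); fi
    case " $users " in
        "  ")       echo "FAIL AllowUsers is not set"; fails=$((fails + 1)) ;;
        *" root "*) echo "FAIL AllowUsers includes root"; fails=$((fails + 1)) ;;
        *)          echo "PASS AllowUsers $users" ;;
    esac
    return "$fails"
}

# Constructed sample config (not from a real server): the second
# PermitRootLogin line is ignored because the first one already set the value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 1304
PermitRootLogin yes
permitrootlogin no
AllowUsers example_user
EOF
audit_sshd "$sample" || echo "failed checks: $?"
rm -f "$sample"
```

Point audit_sshd at /etc/ssh/sshd_config before restarting the service; running sshd -t as root additionally checks the file for syntax errors.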

Those are ways to make your SSH connection more secure.


Next part: Instructions to connect SSH using SSH Key
