Making SSH more secure

There are several ways to make SSH (Secure Shell) more secure than it already is and make it harder for attackers to gain entry into your Linux server through it. Root is the ultimate admin user with every privilege imaginable, so the first thing to do is deny root logins to your Linux server over SSH.

Getting SSH

To get started with SSH we need to install an SSH server on our computer. To do this on Debian or Ubuntu, run this command (as root or via su -):

 

To disable root access over SSH

Change “PermitRootLogin” to “no” in the /etc/ssh/sshd_config file. Then restart the SSH server by typing systemctl restart ssh

 

Change the Port

SSH normally runs on port 22. We know that, and the bad guys do too. So let’s get rid of the automated bots and the script kiddies by changing it to something else. Let’s choose 8888 (not the one I really chose, so don’t get any ideas).

Find the entry called “Port”, remove the # sign, and put in our number, 8888. Save the file and then restart the SSH server.

Don’t use a password

Use a big key that you have stored on your machine and no one else knows. First we need to generate the keys. There will be two of them, one of which we are going to share with the server.

ssh-keygen

You should keep the keys where they are for now; we can copy them later. You can also set a passphrase, or press Enter to go without one.

The two keys that it generates are:

  1. Public key — id_rsa.pub
  2. Private key — id_rsa

From the client machine

On the server

Change the “PasswordAuthentication” line to “no” in the /etc/ssh/sshd_config file, then restart the SSH server.

Now you can log in without a password.

Just these three simple techniques will save you a lot of headaches. Remember to back up your keys to a USB stick or two that you have handy. Never share your private key.
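
A way to check that the three changes above actually took effect, as an added example that is not part of the original post. The helper names config_values and audit_sshd are hypothetical; the script assumes whitespace-separated "Keyword value" lines, reads only the global section of the file, and does not follow Include files.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config-style file
# for the three settings discussed above.
# Assumptions: "Keyword value" lines separated by whitespace, global section
# only (parsing stops at the first Match block), Include files not followed.

# config_values FILE KEYWORD: print each active value of KEYWORD, in file order.
config_values() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # commented-out lines have no effect
        tolower($1) == "match"   { exit }   # conditional blocks are out of scope
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# audit_sshd FILE: print one line per weak setting; return 1 if any was found.
audit_sshd() {
    rc=0
    # sshd uses the first value it reads; unset keywords fall back to defaults.
    root=$(config_values "$1" PermitRootLogin | head -n 1)
    pass=$(config_values "$1" PasswordAuthentication | head -n 1)
    # Port is the exception: it may be repeated and sshd listens on every one.
    ports=$(config_values "$1" Port)
    if [ "${root:-prohibit-password}" != no ]; then
        echo "PermitRootLogin=${root:-prohibit-password}"; rc=1
    fi
    if [ "${pass:-yes}" != no ]; then
        echo "PasswordAuthentication=${pass:-yes}"; rc=1
    fi
    for p in ${ports:-22}; do
        if [ "$p" = 22 ]; then echo "Port=22"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample: the Port line is still commented out, and the "no"
# appended at the end loses to the earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 8888
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "weak settings listed above"
rm -f "$sample"
```

On the server itself, sshd -t checks the file for syntax errors before you restart, and sshd -T prints the configuration the daemon will actually use.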
