In an era where cyber threats are increasingly sophisticated, securing your SSH (Secure Shell) sessions on Linux servers is paramount. SSH is a widely used protocol for securely accessing and managing servers and network devices, but its very popularity makes it a prime target for attackers. To enhance the security of your SSH sessions, we’ve compiled a list of best practices that system administrators should implement.

1. Use Strong Passwords and Key-Based Authentication

Strong Passwords

If password authentication is required, it’s essential to enforce a strong password policy. Passwords should be a minimum of 12 characters in length and include a combination of letters, numbers, and special symbols.

Key-Based Authentication

For an extra layer of security, consider using SSH key-based authentication instead of passwords. This method involves generating a public-private key pair. The private key remains secure on your machine, while the public key is stored on the server. This approach mitigates the risk of brute-force attacks on passwords.

To create an SSH key pair, use the following command:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

This will generate a key pair that you can then add to your server’s ~/.ssh/authorized_keys file.

2. Disable Root Logins

Allowing direct root logins can lead to significant security risks. Attackers often target the root account, so it’s best practice to disable root access over SSH.

To do this, edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find the line:

PermitRootLogin yes

Change it to:

PermitRootLogin no

After making this change, save the file and restart the SSH service:

sudo systemctl restart sshd

3. Change the Default SSH Port

By default, SSH operates on port 22, making it a common target for attackers. Changing the default port can reduce the number of automated attacks attempting to exploit this service.

Edit the SSH configuration file as follows:

sudo nano /etc/ssh/sshd_config

Look for the line:

Port 22

And change it to a non-standard port, e.g.,:

Port 2222

Remember to adjust your firewall rules accordingly and inform users about the new port to avoid confusion.

4. Implement Two-Factor Authentication (2FA)

Adding an additional layer of security through two-factor authentication (2FA) can significantly improve the security of SSH sessions. Tools like Google Authenticator or DuoSecurity can be integrated with your SSH server to require a second form of verification after the password or SSH key authentication.

5. Monitor and Limit User Access

User Access Control

Limit SSH access to only those users who need it. Regularly audit user access and disable accounts that are no longer required.

Fail2Ban

Consider using tools like Fail2Ban to monitor SSH access attempts. This utility automatically bans IP addresses that exhibit suspicious behavior, such as multiple failed login attempts.

Install Fail2Ban and enable the SSH filter:

sudo apt-get install fail2ban

Configure it by editing:

sudo nano /etc/fail2ban/jail.local

Uncomment and configure the following section:

[sshd]

enabled = true

6. Use a Firewall

Implement a firewall to control incoming and outgoing traffic to your server. Configure it to allow only known IP addresses to access your SSH port.

If using UFW (Uncomplicated Firewall), it can be set up as follows:

sudo ufw allow from <allowed_IP> to any port 2222

sudo ufw enable

Always review your firewall rules and only allow the minimum required access.

7. Keep Software Updated

Regularly update the SSH server and other related software to protect against known vulnerabilities. Use the following commands to stay updated:

sudo apt update

sudo apt upgrade

8. Use SSH Connection Timeout and Keep Alive Settings

Configure ClientAliveInterval and ClientAliveCountMax variables in your SSH configuration to force sessions to terminate after a period of inactivity.

Here’s how to set it:

sudo nano /etc/ssh/sshd_config

Add or modify:

ClientAliveInterval 300

ClientAliveCountMax 2

This means that if the server has not received any data from the client in 300 seconds, it will send a request to keep the session alive. If there are no responses after two attempts, the server will disconnect the session.

Conclusion

Securing SSH sessions on Linux servers is an ongoing process that requires diligent application of best practices and proactive monitoring. By implementing these security measures—using strong authentication methods, limiting access, changing default configurations, and keeping software updated—you can significantly bolster the security of your SSH connections. Always remember that in the world of cybersecurity, the best defense is a good offense. Regularly review your security posture to adapt to emerging threats, and keep your systems secure and resilient.

By following these best practices, you can help protect your Linux servers from unauthorized access and keep your data secure. For more insights and tutorials, stay tuned to WafaTech Blog.