{"id":267,"date":"2024-06-26T23:10:34","date_gmt":"2024-06-26T23:10:34","guid":{"rendered":"https:\/\/wafatech.sa\/blog\/?p=267"},"modified":"2024-06-28T00:12:46","modified_gmt":"2024-06-28T00:12:46","slug":"ssh-hardening-for-linux-systems","status":"publish","type":"post","link":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/","title":{"rendered":"SSH Hardening for Linux Systems"},"content":{"rendered":"\n
<\/figure>\n\n\n\n

Securing your SSH access is a crucial step in protecting your Linux server from unauthorized access and potential attacks. SSH (Secure Shell) is a common method for remote administration, and its default configuration can be a target for attackers. This guide will walk you through several best practices to harden your SSH setup.<\/h2>\n\n\n\n

1. Create an Alternative User<\/h3>\n\n\n\n

Before disabling root login, ensure you have another user with sudo privileges to avoid locking yourself out of the server.<\/p>\n\n\n\n

Create a new user:<\/p>\n\n\n\n

sudo adduser your_new_user<\/code><\/pre>\n\n\n\n
Add the user to the sudo group:<\/p>\n\n\n\n
sudo usermod -aG sudo your_new_user<\/code><\/pre>\n\n\n\n
Test the new user by switching to it:<\/p>\n\n\n\n
su - your_new_user<\/code><\/pre>\n\n\n\n
Check sudo privileges:<\/p>\n\n\n\n
sudo whoami<\/code><\/pre>\n\n\n\n
If the command returns “root”, the new user has sudo privileges.<\/p>\n\n\n\n
2. Disable Root Login<\/h3>\n\n\n\n
The root user has unlimited access to your system, making it a prime target for attackers. Disable root login to add an extra layer of security.<\/p>\n\n\n\n
Edit the SSH configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
Find the line:<\/p>\n\n\n\n
PermitRootLogin yes<\/code><\/pre>\n\n\n\n
Change it to:<\/p>\n\n\n\n
PermitRootLogin no<\/code><\/pre>\n\n\n\n
Restart the SSH service:<\/p>\n\n\n\n
sudo systemctl restart sshd<\/code><\/pre>\n\n\n\n
3. Use Strong Passwords and Key-Based Authentication<\/h3>\n\n\n\n
Weak passwords are a common vulnerability. Enforce the use of strong passwords and switch to key-based authentication for better security.<\/p>\n\n\n\n
Generate a key pair on your local machine:<\/p>\n\n\n\n
ssh-keygen -t rsa -b 4096<\/code><\/pre>\n\n\n\n
Copy the public key to the server:<\/p>\n\n\n\n
ssh-copy-id username@server_ip<\/code><\/pre>\n\n\n\n
Disable password authentication by editing the SSH configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
Find the lines:<\/p>\n\n\n\n
#PasswordAuthentication yes\n#ChallengeResponseAuthentication yes<\/code><\/pre>\n\n\n\n
Uncomment and change them to:<\/p>\n\n\n\n
PasswordAuthentication no\nChallengeResponseAuthentication no<\/code><\/pre>\n\n\n\n
Restart the SSH service:<\/p>\n\n\n\n
sudo systemctl restart sshd<\/code><\/pre>\n\n\n\n
4. Change the Default SSH Port<\/h3>\n\n\n\n
Changing the default SSH port (22) can reduce the risk of automated attacks.<\/p>\n\n\n\n
Edit the SSH configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
Find the line:<\/p>\n\n\n\n
#Port 22<\/code><\/pre>\n\n\n\n
Uncomment and change it to a port number between 1024 and 65535:<\/p>\n\n\n\n
Port 2222<\/code><\/pre>\n\n\n\n
Restart the SSH service:<\/p>\n\n\n\n
sudo systemctl restart sshd<\/code><\/pre>\n\n\n\n
Update your firewall rules to allow traffic on the new port:<\/p>\n\n\n\n
sudo ufw allow 2222\/tcp<\/code><\/pre>\n\n\n\n
5. Use Fail2Ban to Prevent Brute Force Attacks<\/h3>\n\n\n\n
Fail2Ban monitors log files and bans IPs that show malicious signs.<\/p>\n\n\n\n
Install Fail2Ban:<\/p>\n\n\n\n
sudo apt-get install fail2ban<\/code><\/pre>\n\n\n\n
Create a local configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/fail2ban\/jail.local<\/code><\/pre>\n\n\n\n
Add the following configuration:<\/p>\n\n\n\n
[sshd]\nenabled = true\nport = 2222\nfilter = sshd\nlogpath = \/var\/log\/auth.log\nmaxretry = 5<\/code><\/pre>\n\n\n\n
Restart Fail2Ban:<\/p>\n\n\n\n
sudo systemctl restart fail2ban<\/code><\/pre>\n\n\n\n
6. Limit User Access<\/h3>\n\n\n\n
Only allow specific users to connect via SSH.<\/p>\n\n\n\n
Edit the SSH configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
Add the following line:<\/p>\n\n\n\n
AllowUsers your_user another_user<\/code><\/pre>\n\n\n\n
Restart the SSH service:<\/p>\n\n\n\n
sudo systemctl restart sshd<\/code><\/pre>\n\n\n\n
7. Enable Two-Factor Authentication (2FA)<\/h3>\n\n\n\n
Adding a second layer of security can significantly reduce the risk of unauthorized access.<\/p>\n\n\n\n
Install Google Authenticator:<\/p>\n\n\n\n
sudo apt-get install libpam-google-authenticator<\/code><\/pre>\n\n\n\n
Configure SSH to use PAM:<\/p>\n\n\n\n
sudo nano \/etc\/pam.d\/sshd<\/code><\/pre>\n\n\n\n
Add the following line at the end:<\/p>\n\n\n\n
auth required pam_google_authenticator.so<\/code><\/pre>\n\n\n\n
Edit the SSH configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
Find and change the following line:<\/p>\n\n\n\n
ChallengeResponseAuthentication no<\/code><\/pre>\n\n\n\n
To:<\/p>\n\n\n\n
ChallengeResponseAuthentication yes<\/code><\/pre>\n\n\n\n
Restart the SSH service:<\/p>\n\n\n\n
sudo systemctl restart sshd<\/code><\/pre>\n\n\n\n
Run Google Authenticator for your user:<\/p>\n\n\n\n
google-authenticator<\/code><\/pre>\n\n\n\n
Follow the prompts to complete the setup.<\/p>\n\n\n\n
Conclusion<\/h3>\n\n\n\n
By implementing these SSH hardening techniques, you can significantly enhance the security of your Linux server. Regularly review and update your security practices to keep up with new threats and vulnerabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"
Securing your SSH access is a crucial step in protecting your Linux server from unauthorized access and potential attacks. SSH (Secure Shell) is a common method for remote administration, and its default configuration can be a target for attackers. This guide will walk you through several best practices to harden your SSH setup. 1. Create […]<\/p>\n","protected":false},"author":2,"featured_media":335,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"\n
\n
\"\"<\/figure>\n<\/figure>\n\n\n\n
Securing your SSH access is a crucial step in protecting your Linux server from unauthorized access and potential attacks. SSH (Secure Shell) is a common method for remote administration, and its default configuration can be a target for attackers. This guide will walk you through several best practices to harden your SSH setup.<\/p>\n\n\n\n
1. Create an Alternative User<\/h3>\n\n\n\n
Before disabling root login, ensure you have another user with sudo privileges to avoid locking yourself out of the server.<\/p>\n\n\n\n
Create a new user:<\/p>\n\n\n\n
sudo adduser your_new_user<\/code><\/pre>\n\n\n\n
Add the user to the sudo group:<\/p>\n\n\n\n
sudo usermod -aG sudo your_new_user<\/code><\/pre>\n\n\n\n
Test the new user by switching to it:<\/p>\n\n\n\n
su - your_new_user<\/code><\/pre>\n\n\n\n
Check sudo privileges:<\/p>\n\n\n\n
sudo whoami<\/code><\/pre>\n\n\n\n
If the command returns \"root\", the new user has sudo privileges.<\/p>\n\n\n\n
2. Disable Root Login<\/h3>\n\n\n\n
The root user has unlimited access to your system, making it a prime target for attackers. Disable root login to add an extra layer of security.<\/p>\n\n\n\n
Edit the SSH configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
Find the line:<\/p>\n\n\n\n
PermitRootLogin yes<\/code><\/pre>\n\n\n\n
Change it to:<\/p>\n\n\n\n
PermitRootLogin no<\/code><\/pre>\n\n\n\n
Restart the SSH service:<\/p>\n\n\n\n
sudo systemctl restart sshd<\/code><\/pre>\n\n\n\n
3. Use Strong Passwords and Key-Based Authentication<\/h3>\n\n\n\n
Weak passwords are a common vulnerability. Enforce the use of strong passwords and switch to key-based authentication for better security.<\/p>\n\n\n\n
Generate a key pair on your local machine:<\/p>\n\n\n\n
ssh-keygen -t rsa -b 4096<\/code><\/pre>\n\n\n\n
Copy the public key to the server:<\/p>\n\n\n\n
ssh-copy-id username@server_ip<\/code><\/pre>\n\n\n\n
Disable password authentication by editing the SSH configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
Find the lines:<\/p>\n\n\n\n
#PasswordAuthentication yes\n#ChallengeResponseAuthentication yes<\/code><\/pre>\n\n\n\n
Uncomment and change them to:<\/p>\n\n\n\n
PasswordAuthentication no\nChallengeResponseAuthentication no<\/code><\/pre>\n\n\n\n
Restart the SSH service:<\/p>\n\n\n\n
sudo systemctl restart sshd<\/code><\/pre>\n\n\n\n
4. Change the Default SSH Port<\/h3>\n\n\n\n
Changing the default SSH port (22) can reduce the risk of automated attacks.<\/p>\n\n\n\n
Edit the SSH configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
Find the line:<\/p>\n\n\n\n
#Port 22<\/code><\/pre>\n\n\n\n
Uncomment and change it to a port number between 1024 and 65535:<\/p>\n\n\n\n
Port 2222<\/code><\/pre>\n\n\n\n
Restart the SSH service:<\/p>\n\n\n\n
sudo systemctl restart sshd<\/code><\/pre>\n\n\n\n
Update your firewall rules to allow traffic on the new port:<\/p>\n\n\n\n
sudo ufw allow 2222\/tcp<\/code><\/pre>\n\n\n\n
5. Use Fail2Ban to Prevent Brute Force Attacks<\/h3>\n\n\n\n
Fail2Ban monitors log files and bans IPs that show malicious signs.<\/p>\n\n\n\n
Install Fail2Ban:<\/p>\n\n\n\n
sudo apt-get install fail2ban<\/code><\/pre>\n\n\n\n
Create a local configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/fail2ban\/jail.local<\/code><\/pre>\n\n\n\n
Add the following configuration:<\/p>\n\n\n\n
[sshd]\nenabled = true\nport = 2222\nfilter = sshd\nlogpath = \/var\/log\/auth.log\nmaxretry = 5<\/code><\/pre>\n\n\n\n
Restart Fail2Ban:<\/p>\n\n\n\n
sudo systemctl restart fail2ban<\/code><\/pre>\n\n\n\n
6. Limit User Access<\/h3>\n\n\n\n
Only allow specific users to connect via SSH.<\/p>\n\n\n\n
Edit the SSH configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
Add the following line:<\/p>\n\n\n\n
AllowUsers your_user another_user<\/code><\/pre>\n\n\n\n
Restart the SSH service:<\/p>\n\n\n\n
sudo systemctl restart sshd<\/code><\/pre>\n\n\n\n
7. Enable Two-Factor Authentication (2FA)<\/h3>\n\n\n\n
Adding a second layer of security can significantly reduce the risk of unauthorized access.<\/p>\n\n\n\n
Install Google Authenticator:<\/p>\n\n\n\n
sudo apt-get install libpam-google-authenticator<\/code><\/pre>\n\n\n\n
Configure SSH to use PAM:<\/p>\n\n\n\n
sudo nano \/etc\/pam.d\/sshd<\/code><\/pre>\n\n\n\n
Add the following line at the end:<\/p>\n\n\n\n
auth required pam_google_authenticator.so<\/code><\/pre>\n\n\n\n
Edit the SSH configuration file:<\/p>\n\n\n\n
sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
Find and change the following line:<\/p>\n\n\n\n
ChallengeResponseAuthentication no<\/code><\/pre>\n\n\n\n
To:<\/p>\n\n\n\n
ChallengeResponseAuthentication yes<\/code><\/pre>\n\n\n\n
Restart the SSH service:<\/p>\n\n\n\n
sudo systemctl restart sshd<\/code><\/pre>\n\n\n\n
Run Google Authenticator for your user:<\/p>\n\n\n\n
google-authenticator<\/code><\/pre>\n\n\n\n
Follow the prompts to complete the setup.<\/p>\n\n\n\n
Conclusion<\/h3>\n\n\n\n
By implementing these SSH hardening techniques, you can significantly enhance the security of your Linux server. Regularly review and update your security practices to keep up with new threats and vulnerabilities.<\/p>\n","_et_gb_content_width":"","inline_featured_image":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[22],"tags":[],"class_list":["post-267","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux-security","et-has-post-format-content","et_post_format-et-post-format-standard"],"yoast_head":"\nSSH Hardening for Linux Systems - WafaTech Blogs<\/title>\n<meta name=\"description\" content=\"Enhance the security of your Linux systems by implementing effective SSH hardening techniques. Learn best practices for securing SSH, including key-based authentication, disabling root login, and configuring firewall rules.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SSH Hardening for Linux Systems\" \/>\n<meta property=\"og:description\" content=\"Enhance the security of your Linux systems by implementing effective SSH hardening techniques. Learn best practices for securing SSH, including key-based authentication, disabling root login, and configuring firewall rules.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/\" \/>\n<meta property=\"og:site_name\" content=\"WafaTech Blogs\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-26T23:10:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-28T00:12:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/1711070923532.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"WafaTech SA\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@wafatech_sa\" \/>\n<meta name=\"twitter:site\" content=\"@wafatech_sa\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"WafaTech SA\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/\"},\"author\":{\"name\":\"WafaTech SA\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/person\\\/1a5761fc0feb63ab59d295d7c2648f06\"},\"headline\":\"SSH Hardening for Linux Systems\",\"datePublished\":\"2024-06-26T23:10:34+00:00\",\"dateModified\":\"2024-06-28T00:12:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/\"},\"wordCount\":424,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/1711070923532.png\",\"articleSection\":[\"Linux Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/\",\"name\":\"SSH Hardening for Linux Systems - WafaTech Blogs\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/1711070923532.png\",\"datePublished\":\"2024-06-26T23:10:34+00:00\",\"dateModified\":\"2024-06-28T00:12:46+00:00\",\"description\":\"Enhance the security of your Linux systems by implementing effective SSH hardening techniques. Learn best practices for securing SSH, including key-based authentication, disabling root login, and configuring firewall rules.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/#primaryimage\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/1711070923532.png\",\"contentUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/1711070923532.png\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/ssh-hardening-for-linux-systems\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SSH Hardening for Linux Systems\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\",\"name\":\"WafaTech Blogs\",\"description\":\"Smart Technologies\",\"publisher\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\"},\"alternateName\":\"WafaTech\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\",\"name\":\"WafaTech Blogs\",\"alternateName\":\"WafaTech\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/logo_big.webp\",\"contentUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/logo_big.webp\",\"width\":2221,\"height\":482,\"caption\":\"WafaTech Blogs\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/WafaTech\\\/61560546351289\\\/\",\"https:\\\/\\\/x.com\\\/wafatech_sa\",\"https:\\\/\\\/www.youtube.com\\\/@wafatech-sa\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/wafatech\\\/\"],\"description\":\"WafaTech, a leading Saudi IT services provider, specializes in cloud solutions, connectivity, and ICT services. Offering secure cloud infrastructure, high-speed internet, and ICT solutions like hosting, backup, and disaster recovery, WafaTech operates a Tier 3 data center at KAUST with ISO certifications. Regulated by CST, the company is committed to innovation, security, and customer satisfaction, empowering businesses in the digital age.\",\"email\":\"sales@wafatech.sa\",\"legalName\":\"Al-Wafa Al-Dhakia For Information Technology LLC\",\"foundingDate\":\"2013-01-08\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/person\\\/1a5761fc0feb63ab59d295d7c2648f06\",\"name\":\"WafaTech SA\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"caption\":\"WafaTech SA\"},\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/author\\\/omer-yaseen\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SSH Hardening for Linux Systems - WafaTech Blogs","description":"Enhance the security of your Linux systems by implementing effective SSH hardening techniques. Learn best practices for securing SSH, including key-based authentication, disabling root login, and configuring firewall rules.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/","og_locale":"en_US","og_type":"article","og_title":"SSH Hardening for Linux Systems","og_description":"Enhance the security of your Linux systems by implementing effective SSH hardening techniques. Learn best practices for securing SSH, including key-based authentication, disabling root login, and configuring firewall rules.","og_url":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/","og_site_name":"WafaTech Blogs","article_publisher":"https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/","article_published_time":"2024-06-26T23:10:34+00:00","article_modified_time":"2024-06-28T00:12:46+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/1711070923532.png","type":"image\/png"}],"author":"WafaTech SA","twitter_card":"summary_large_image","twitter_creator":"@wafatech_sa","twitter_site":"@wafatech_sa","twitter_misc":{"Written by":"WafaTech SA","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/#article","isPartOf":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/"},"author":{"name":"WafaTech SA","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/person\/1a5761fc0feb63ab59d295d7c2648f06"},"headline":"SSH Hardening for Linux Systems","datePublished":"2024-06-26T23:10:34+00:00","dateModified":"2024-06-28T00:12:46+00:00","mainEntityOfPage":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/"},"wordCount":424,"commentCount":2,"publisher":{"@id":"https:\/\/wafatech.sa\/blog\/#organization"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/1711070923532.png","articleSection":["Linux Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/","url":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/","name":"SSH Hardening for Linux Systems - WafaTech Blogs","isPartOf":{"@id":"https:\/\/wafatech.sa\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/#primaryimage"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/1711070923532.png","datePublished":"2024-06-26T23:10:34+00:00","dateModified":"2024-06-28T00:12:46+00:00","description":"Enhance the security of your Linux systems by implementing effective SSH hardening techniques. Learn best practices for securing SSH, including key-based authentication, disabling root login, and configuring firewall rules.","breadcrumb":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/#primaryimage","url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/1711070923532.png","contentUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/1711070923532.png","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/ssh-hardening-for-linux-systems\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wafatech.sa\/blog\/"},{"@type":"ListItem","position":2,"name":"SSH Hardening for Linux Systems"}]},{"@type":"WebSite","@id":"https:\/\/wafatech.sa\/blog\/#website","url":"https:\/\/wafatech.sa\/blog\/","name":"WafaTech Blogs","description":"Smart Technologies","publisher":{"@id":"https:\/\/wafatech.sa\/blog\/#organization"},"alternateName":"WafaTech","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wafatech.sa\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/wafatech.sa\/blog\/#organization","name":"WafaTech Blogs","alternateName":"WafaTech","url":"https:\/\/wafatech.sa\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","contentUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","width":2221,"height":482,"caption":"WafaTech Blogs"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/","https:\/\/x.com\/wafatech_sa","https:\/\/www.youtube.com\/@wafatech-sa","https:\/\/www.linkedin.com\/company\/wafatech\/"],"description":"WafaTech, a leading Saudi IT services provider, specializes in cloud solutions, connectivity, and ICT services. Offering secure cloud infrastructure, high-speed internet, and ICT solutions like hosting, backup, and disaster recovery, WafaTech operates a Tier 3 data center at KAUST with ISO certifications. Regulated by CST, the company is committed to innovation, security, and customer satisfaction, empowering businesses in the digital age.","email":"sales@wafatech.sa","legalName":"Al-Wafa Al-Dhakia For Information Technology LLC","foundingDate":"2013-01-08","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"11","maxValue":"50"}},{"@type":"Person","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/person\/1a5761fc0feb63ab59d295d7c2648f06","name":"WafaTech SA","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","caption":"WafaTech SA"},"url":"https:\/\/wafatech.sa\/blog\/author\/omer-yaseen\/"}]}},"jetpack_featured_media_url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/1711070923532.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts\/267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/comments?post=267"}],"version-history":[{"count":18,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts\/267\/revisions"}],"predecessor-version":[{"id":388,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts\/267\/revisions\/388"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/media\/335"}],"wp:attachment":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/media?parent=267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/categories?post=267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/tags?post=267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}