The recent cyberattacking events illustrate how your weakness could be abused by hacktivists and people with wicked intentions. In an online ecosystem, where competition is cutthroat and unrelenting, security is a core requirement that shields your mission-critical data from accidental or deliberate theft, integrity compromise, and deletion. Businesses are putting their best endeavors to follow industry-leading security practices to avoid every single slip up that can lead to irrecoverable losses.
Today, most companies rely on a Linux server to host their mission-critical websites owing to its cost-efficiency and trail of rich functionalities. To connect and manage the server environment, they use a software utility – SSH software utility that is included in every mainstream Linux distribution.
This blog attempts to elucidate how to configure and protect SSH in Linux Server.
However, before starting off the ground, let’s take a quick glance over SSH:
SSH, which stands for Secure Shell, is one of the preferred protocols that help in building administrative connections to Linux dedicated servers via a command line interface. It functions like SSL that is responsible for establishing a secure connection between the client and the server. In the similar way, SSH takes complete onus of tunneling to secure application session in transit. SSH protocol works on remote machine default port number 22 to carry out the data exchange between the remote end-users and the server.
How Does SSH Work?
The Secure Shell protocol is embedded with a client-server model to verify two parties and encrypt the data and applications in transit.
- First, a request to establish a connection is made, which allows the clients to ensure that they are connecting to the right server.
- The requested connection between the server and the clients gets encrypted
- Thereafter, server verifies the credentials provided by the client for authentication.
- Finally, the encrypted connection allows the client and the server to share the information
How to Protect SSH Against Common Security Threats
Change the Default Port:
Every hacker is aware of the fact that SSH is by default set to the port number 22, while the default user name is root. If, the hackers get access to this default port, they can simply make attempts for the passwords. God Forbid! If they succeed in their endeavors, they can do disasters. Thus, the best option suggested by technical ninjas is to change the SSH port number other from 22 as this will help in curtailing the illicit attempts.
Here are simple steps for changing the SSH port in your Linux Server
First, connect to your server with the help of SSH
Switch to the root user
Run: vi /etc/ssh/sshd_config
Locate # Port 22
Delete # and change 22 to another port number.
Run service sshd restart command to restart the server
Change the Default Root Login
As mentioned, the default user login in Linux server is root. Attackers can simply login with this default user name by trying different combinations of password to gain access to the entire Linux server. Thus, it is sagacious to change the default user name to keep your Linux based virtual or dedicated server hosting protected against nasty acts.
- Follow the below steps to change it
- First, you need to login the Server through root user by entering your current password
- Use shortcut Ctrl+Alt+T to open a new terminal window
- Type su at the command prompt & press Enter
- Enter your existing password
- Now, enter your new UNIX password
- Retype the password & press Enter
Type exit and Enter
It is important to ensure that your SSH port is exceptionally accessible not to all IPs, but to specific ones. To ensure that you give SSH access to the specific IPs, run the following commands:
- sshd : localhost : allow
- sshd : 192.108.0. : allow
- sshd : 99.121.280.7 : allow
- sshd : ALL : deny
Protect Your SSH Key
Make sure that your private key (that is saved on your desktop and/or laptop) stays out of hackers reach. For this, you can protect it with a passphrase.
Take a quick look at some other practices that clients can follow to protect their operating systems and applications:
Change vendor-supplied defaults prior to deploying new applications/websites, including passwords, security settings, and simple network management community strings (SNMP).
Do not keep unnecessary user accounts as they might invite the unwelcomed, putting your data integrity at stake. Delete or disable the redundant user accounts.
Keep functions that demand different security levels other than the existing server on a separate server, such as web servers, domain name servers, and database separate servers.
Disable the Unwanted
Remove all non-useful functionalities including scripts, subsystems, drivers, features, configurations, volumes, and web servers.
Technologies could be exploited if immediate actions are not taken to protect customers. It is important to configure services keeping best security practices in mind.