In the following article we will give you some tips about how to secure SSH login on your Linux Virtual Server.


Allowing remote root login to your server or VPS is not secure, in theory or in practice. Password authentication is also insecure. That is why we will start this tutorial with the Public Key Authentication method.

Our first step will be to generate a public and private key. For this we recommend using PuTTYgen.

Once the program is downloaded, start it and click the “Generate” button.

Move your mouse (PuTTYgen uses random mouse movement to generate the public and private key).

Enter a “Key Comment” (this text will appear each time you log in via SSH, something like “Authenticating with public key: YOUR KEY COMMENTS”).

Once the keys are generated, we need to create a new user account. Keep the PuTTYgen window open because we will use it again later.
To create a new system account, first log in to your VPS as root via SSH. Once you are in, just type:

useradd -s /bin/bash -m yourname

(you can replace “yourname” with any username you want)
For more information on how to create a new user on a Linux server, you can check this tutorial.

We will also add this user to the “sudoers” list, so, open up the “sudoers” file with the following command:

visudo

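and find the following line…

root ALL=(ALL) ALL

and replace it with

root ALL=(ALL) ALL
yourname ALL=(ALL) NOPASSWD: ALL
(do not forget to replace "yourname" with the actual username that you want to use). Note that NOPASSWD lets this user run any command through sudo without being asked for a password, so whoever holds the private key for this account effectively has root access.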

Save and exit the file.


Next, we will need to set up a password for the newly created account. You can do that with the following command:

passwd yourname

(do not forget to replace “yourname” with the actual username that you want to use)
and enter the new password when prompted.

Next you will need to create an “.ssh” directory in the “yourname” user home directory (this is where the authorized_keys file will be stored) with the following command:

mkdir /home/yourname/.ssh

(do not forget to replace “yourname” with the actual username that you want to use)
and we also need to create the authorized_keys file:

touch /home/yourname/.ssh/authorized_keys

(do not forget to replace “yourname” with the actual username that you want to use)

Next, edit the file with:

nano /home/yourname/.ssh/authorized_keys

(do not forget to replace “yourname” with the actual username that you want to use)
and copy the public key from the PuTTYgen window and paste it into the open authorized_keys file.

Save and exit the file.

We can finish with PuTTYgen by clicking the “Save Private Key” button and saving the private key in a safe place on your computer. We are done with PuTTYgen.


CHANGE DEFAULT SSH PORT

Another thing we can do is to change the default “22” port to something else. To do that we will need to edit the SSH configuration file:

nano /etc/ssh/sshd_config

and find the following line:

Port 22

and change it to something else:

Port xxxx

(where xxxx will be the new SSH port)

Second, in the same file, confirm that the following lines are set to “yes”…

RSAAuthentication yes
PubkeyAuthentication yes

After that, find the following lines:

PermitRootLogin yes
PasswordAuthentication yes

and replace them with:

PermitRootLogin no
PasswordAuthentication no

Finally, do not forget to restart your SSH service so that all these changes take effect:

/etc/init.d/ssh restart
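
The following check is an added example, not part of the original tutorial: it reads an sshd_config file the way sshd does (the first value for a keyword wins, and lines after a Match line are not global) and reports whether the settings above are really in effect, so it is best run before the restart. The function names, the sample file and port 2222 are constructed for illustration; the defaults are assumed to be those of current OpenSSH, and keywords are assumed to be separated from their values by whitespace.

```shell
#!/bin/sh
# Added example (not from the original tutorial). sshd uses the FIRST value it
# reads for a keyword, and every line after a "Match" line belongs to that
# Match block, so hardened lines appended at the end of the file may not apply.

# effective_value FILE KEYWORD DEFAULT -> prints the global value sshd would use
# (assumes "Keyword value" separated by whitespace)
effective_value() {
    awk -v key="$2" -v def="$3" '
        NF == 0 || substr($1, 1, 1) == "#" { next }   # blank line or comment
        tolower($1) == "match"             { exit }   # end of global section
        tolower($1) == tolower(key)        { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# check FILE KEYWORD DEFAULT WANTED -> prints a finding, returns 1 on mismatch
check() {
    got=$(effective_value "$1" "$2" "$3")
    [ "$got" = "$4" ] && return 0
    echo "FAIL: $2 is effectively '$got', expected '$4'"
    return 1
}

# Defaults below are assumed to be those of current OpenSSH for unset keywords.
audit_sshd_config() {
    rc=0
    check "$1" PermitRootLogin        prohibit-password no  || rc=1
    check "$1" PasswordAuthentication yes               no  || rc=1
    check "$1" PubkeyAuthentication   yes               yes || rc=1
    echo "INFO: sshd will listen on port $(effective_value "$1" Port 22)"
    return $rc
}

# Constructed sample: the new lines were appended below an existing Match block,
# and an older "PasswordAuthentication yes" still comes first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
#PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
Match User backup
    X11Forwarding no
PermitRootLogin no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "Fix the findings above before restarting sshd."
rm -f "$sample"
```

On the server, point `audit_sshd_config` at /etc/ssh/sshd_config, run `sshd -t` to catch syntax errors, and keep the existing root session open until a key login on the new port succeeds.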

If you’re one of our Linux VPS Hosting customers, we can secure the SSH logins on your virtual server for you free of charge. Just contact us and some of our experts will complete your request immediately.
