Open in app

Sign in

Write

Sign in

Hardening & Securing SSH (Secure Shell)

Ayush Pandey
3 min readJul 27, 2022

Hello Elites,

Today I am here to share some useful tips regarding securing SSH(secure shell), So please be in this article to get the complete overview of it, So that I can write more such relevant articles.

So, basically what is SSH, How to secure SSH(secure shell) and why we secure SSH?

SSH, often called Secure Shell or Secure Socket Shell, it’s a network protocol that provides users, especially system administrators, with a secure way to access a computer across an unsafe network. SSH can also refer to a group of tools that carry out SSH operations.

SSH authenticates and encrypts every connection. SSH provides IT and Infosec professionals with a secure method for remotely managing SSH clients. An SSH client and server establish a connection without the need for password authentication because SSH authenticates the devices themselves.

Best way to grab the concept is with the SSH connection diagram between client and server :

The Image is the best example for the client server SSH Connection. Securing SSH, SSH Security
SSH Connection between Client and Server

The practice of securing SSH comes under the chapter of Security Hardening which suggests some preventive measures which are as follows:

Disabling Remote Authentication:

Steps to perform:

  • Login to your Shell (debian/fedora/ubuntu/centos/redhat), Here I am using Ubuntu shell for the practical purpose.
  • Navigate to the given location by using below command:

vim /etc/ssh/sshd_config

Securing SSH
Navigate to the path
  • Just disable the below option from the config file.
  1. Disable the default port i.e. 22 to something different, But remember, always avoid using the port 222.2222.22222.
  2. Proper verification must be done on using different port because of the port block issue.
Securing SSH
Disable default port 22

3. Next just move down to the config file and edit the option “PermitRootLogin” as no.

Securing SSH
Set PermitRootLogin to no

4. Now, Moving on the next value, Change PasswordAuthentication parameter to yes.

Securing SSH, SSH security
Change PasswordAuthentication to yes

5. After going through all the above steps just restart the service with the below command.

Systemctl restart sshd

Securing SSH
Restarting the service

Advantages of securing SSH:

  • The use of encryption to enable secure information flow between the client and the server is SSH’s main benefit. Users can use SSH to run shell commands on a distant computer just like they would if they were in front of it physically.
  • security control of network infrastructure parts.
  • Secure file transfer sessions.

References:

You can read more about SSH and Securing SSH from here: https://www.ssh.com/academy/ssh/protocol

https://www.hostinger.in/tutorials/ssh-tutorial-how-does-ssh-work

Ssh Tunnel
Ssh
Cybersecurity
Cis Benchmarks
Security Hardening

--

--

Ayush Pandey

Written by Ayush Pandey

33 Followers

Security Researcher | Bug Hunter | Blue Teaming | Information security Engineer

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams