Hardening SSH· 1 minute read
A very nice article: Keeping SSH access secure
I use the following in /etc/ssh/sshd_config:
AllowUsers username PermitRootLogin no
Which kills root login access to the server meaning you will need to login as the username provided in AllowUsers and then su to root (eg. su root) or sudo the commands if you have sudo setup (apt-get install sudo).
You may also wish to change the port through which SSH occurs by adding:
Where 2345 is the new port number. This will stop people from attacking through the standard port 22, which can help against script kiddies and those using pre-packaged scripts. It will however not stop someone from finding the new port via ICMP sweeps.
Kick over SSHd: