SSH Security Tightening: Disabling Root Login and Changing Port
When a Linux server is installed, the default SSH port is 22 and the main administrator account is named root. Hackers on the internet use bot software to make thousands of password attempts (brute force) per second against the root user via port 22. To prevent your server from being hacked, you have to secure the SSH service. Here are the 2 most effective methods.
Step 1: Changing SSH Port
Using a non-standard port makes automated scanning bots pass over your server:
- Open the SSH configuration file:
nano /etc/ssh/sshd_config
- In the file, find the line #Port 22. Remove the leading # sign and replace 22 with a non-standard port that no one will guess (e.g. Port 48452).
- *(Very Important Warning: Before restarting the SSH service, open the newly chosen port in your UFW or Firewalld firewall. Otherwise, you will be completely locked out of the server!)*
Step 2: Prohibiting Direct Root Login (PermitRootLogin No)
To prevent attackers from targeting the 'root' username, we will first create a regular user for ourselves, then turn off root login:
- Add a new system user:
adduser sunucuyoneticisi
- Define a strong password for this user:
passwd sunucuyoneticisi
- Open the /etc/ssh/sshd_config file again. Find the line PermitRootLogin yes and change it to: PermitRootLogin no
- Save the file, exit, and restart the SSH service:
systemctl restart sshd or systemctl restart ssh
New Login Logic: You can no longer connect directly to the server as root. First log in with the sunucuyoneticisi account you created, then type the su - command in the terminal and enter your root password to switch to full authority. In this way, your server security will increase by 99%.
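A pre-restart check for the two settings changed in Step 1 and Step 2, added here as an example and not part of the original article. The function names sshd_values and check_sshd_hardening are hypothetical, the sample config is constructed, and the parser reads a single file only (Include files and Match blocks are not evaluated).

```shell
#!/bin/sh
# Added example (not from the original article): check the two settings changed
# above before restarting sshd. Simplification: one file only; Include files
# and Match blocks are not evaluated.

# Print every value of a keyword found on active (uncommented) lines.
# "#Port 22" never matches because its first field is "#Port", not "Port".
sshd_values() {  # usage: sshd_values <file> <keyword>
    awk -v k="$2" 'NF >= 2 && tolower($1) == tolower(k) { print $2 }' "$1"
}

# Return 0 only if sshd no longer listens on 22 and root login is "no".
check_sshd_hardening() {  # usage: check_sshd_hardening <file>
    rc=0
    ports=$(sshd_values "$1" Port)
    [ -n "$ports" ] || ports=22      # no active Port line: default 22 applies
    for p in $ports; do              # Port may appear more than once
        if [ "$p" = 22 ]; then
            echo "FAIL: sshd still listens on port 22"; rc=1
        else
            echo "NOTE: allow port $p in UFW/Firewalld before restarting sshd"
        fi
    done
    # For PermitRootLogin, sshd uses the first value it reads.
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    if [ "$root" = no ]; then
        echo "OK: PermitRootLogin no"
    else
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    return $rc
}

# Constructed sample: the edited file from Step 1 and Step 2.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'Port 48452' '#PermitRootLogin yes' \
    'PermitRootLogin no' > "$sample"
check_sshd_hardening "$sample" && echo "safe to run: systemctl restart sshd"
rm -f "$sample"
```

On a live server, point check_sshd_hardening at /etc/ssh/sshd_config and run sshd -t as well, which validates the file's syntax before the restart.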
This article is specially prepared for PvPServer.