SSH (Secure Shell) is a cryptographic network protocol for secure data communication, remote shell access, and other secure network services between two networked computers. Proper configuration ensures security and optimal performance.

Key Configuration Parameters

  • Port: Default is 22, but can be changed for enhanced security (e.g., 2222 or 222).
  • Authentication: Supports password, public key, and keyboard-interactive methods.
    Recommended: Use public key authentication (~/.ssh/id_rsa) for stronger security.
  • PermitRootLogin: Set to no to disable root login via SSH.
    ⚠️ Example: PermitRootLogin no
  • PasswordAuthentication: Enable/disable password-based login.
    🔐 Best Practice: PasswordAuthentication no

Sample sshd_config Snippets

# Listen on a non-standard port
Port 2222

# Allow only specific users
AllowUsers user1 user2

# Enable public key authentication
PubkeyAuthentication yes

# Specify authorized keys file
AuthorizedKeysFile .ssh/authorized_keys

Security Tips

  1. Disable IPv6: Add ListenAddress 0.0.0.0 to restrict to IPv4.
  2. Update Regularly: Keep OpenSSH patched against vulnerabilities.
  3. Use Fail2Ban: Prevent brute-force attacks by blocking IPs after failed attempts.
  4. Log Monitoring: Enable logging (LogLevel VERBOSE) to track suspicious activity.

For advanced setup, refer to our SSH Tutorial 📚.

SSH Configuration
Secure Socket Shell