Disable root login, password and change default port 22

Security Layer 3 & 4

Now let us disable root login and password authentication. First go to the folder '/etc/ssh', then edit the file 'sshd_config':

cd /etc/ssh 
sudo nano sshd_config 

Here we will change the following parameters:

1) Port 22

2) PermitRootLogin yes

3) PasswordAuthentication yes

Remember to remove the hash sign (#) before each parameter so that it takes effect.

First change the 'PermitRootLogin yes' to 'PermitRootLogin no'.

Then add the line 'AllowUsers rocket' just below it. You can list as many users as you want, separated by spaces. Once AllowUsers is set, only the listed users can log in over SSH.

Now change the 'PasswordAuthentication yes' to 'PasswordAuthentication no'.

Change the default port 22, on which SSH connections are made, to some other port in the range 1024 - 32767. Here we choose port 1234. Then use Ctrl+O (^O) to write out (save) the file and Ctrl+X (^X) to exit.

Then you must restart the service for the changed parameters to take effect.

sudo systemctl restart ssh 

Now check the status with the command:

sudo systemctl status ssh 

It may take some time to show the updated status. Note that the server is now listening on port 1234.
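
To confirm that all of the edits above actually took effect, the following added example (not part of the original page) audits text in the format printed by 'sshd -T', which dumps the effective configuration. The function name 'audit_sshd' and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the settings changed above.
# Input on stdin is text in the format printed by `sshd -T`
# (one lowercase keyword per line, followed by its value).
# Live use on the server:  sudo sshd -T | audit_sshd rocket

audit_sshd() {  # $1 = account that must appear in AllowUsers
    awk -v user="$1" '
        $1 == "port" {
            nports++
            # The page picks a port in 1024-32767; port 22 must not remain listed.
            if ($2 < 1024 || $2 > 32767) { print "FAIL port " $2; bad = 1 }
        }
        $1 == "permitrootlogin"        { root = $2 }
        $1 == "passwordauthentication" { pw = $2 }
        $1 == "allowusers" {
            # Entries may be "user" or "user@host"; compare the user part only.
            for (i = 2; i <= NF; i++) { split($i, p, "@"); if (p[1] == user) ok = 1 }
        }
        END {
            if (!nports)      { print "FAIL port not reported"; bad = 1 }
            if (root != "no") { print "FAIL permitrootlogin " (root == "" ? "unset" : root); bad = 1 }
            if (pw != "no")   { print "FAIL passwordauthentication " (pw == "" ? "unset" : pw); bad = 1 }
            if (!ok)          { print "FAIL allowusers does not list " user; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# Constructed sample inputs (not captured from a real server).
HARDENED='port 1234
permitrootlogin no
passwordauthentication no
allowusers rocket'

# Port 22 still listed next to the new port, and password logins still on.
HALF_DONE='port 22
port 1234
permitrootlogin no
passwordauthentication yes
allowusers rocket'

for sample in "$HARDENED" "$HALF_DONE"; do
    if printf '%s\n' "$sample" | audit_sshd rocket; then :; else echo "-> not hardened"; fi
done
```

On the server, feed it the live configuration with 'sudo sshd -T | audit_sshd rocket'. Running 'sudo sshd -t' before the restart reports syntax errors while your current session is still open.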

Now if you try to connect with 'root' as the user it won't work, as root login is disabled. So from now on we connect as user 'rocket' with the command:

ssh rocket@5.189.149.230 -p 1234 

Here we put '-p 1234' at the end of the command because the default port 22 has been changed.

So we have covered up to four security layers in setting up your server:

1) Create new user

2) Disable root login

3) Change default port 22

4) Use SSH key pair to access your server

Now we will proceed with the remaining three security layers:

5) Install fail2ban

6) Use hardware key authentication as an additional layer of security

7) Firewall Settings
