Secure the SSH Server

The following configuration is done in the /etc/ssh/sshd_config file.

Disable Root Logins

# Prevent root logins:
PermitRootLogin no

Restrict Login to specific Users

# Restrict login to specific users
AllowUsers alice bob

Disable the Insecure Protocol 1

# Protocol 2,1 
Protocol 2

Use a Non-standard Port

# What ports, IPs and protocols we listen for 
#Port 22 
Port 2345

You will also need to set up proper port forwarding on your router.

Use the -p option of the ssh command to specify which port on the server to connect to:
$ ssh -p 2345 myserver
Or, for convenience, add an entry to the ~/.ssh/config file:

# Client ~/.ssh/config 
Host myserver 
HostName 72.232.194.162 
User bob 
Port 2345 

Use Public/Private Keys for Authentication, and Disable Password Authentication

Create a key pair on your client computer
$ ssh-keygen

Append the public key to the authorized_keys file for your user on the server

$ cat id_rsa.pub >> ~/.ssh/authorized_keys

Or, from the client in one step (substitute the server's PORT, USER and HOST):

$ cat ~/.ssh/id_rsa.pub | ssh -p PORT USER@HOST "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Ensure the proper permissions are set on the server

$ chmod 700 ~/.ssh 
$ chmod 600 ~/.ssh/authorized_keys 

Disable password authentication on the server (in /etc/ssh/sshd_config).

Note that once this is set, you can only ssh to the server with your private key.

# Disable password authentication forcing use of keys 
PasswordAuthentication no

Restart SSH daemon

$ sudo service ssh restart
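
To confirm that an edited sshd_config actually carries the settings above, the following added example (not part of the original page) audits a file for root login, the user allow-list, the port and password authentication. The function names first_value and audit_sshd_config are hypothetical, the sample config is constructed, and the script assumes a single config file with one Port line.

```shell
# first_value FILE KEYWORD: print the value of the first uncommented
# occurrence of KEYWORD before any Match block. sshd matches keywords
# case-insensitively, and for these options the first value set wins.
first_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        tolower($1) == "match" { exit }    # global section ends here
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_sshd_config FILE: print one FAIL line per finding; the exit
# status is the number of findings (0 means every check passed).
audit_sshd_config() {
    fails=0
    for want in "PermitRootLogin no" "PasswordAuthentication no"; do
        key=${want% *}; exp=${want#* }
        got=$(first_value "$1" "$key")
        if [ "$(printf %s "$got" | tr 'A-Z' 'a-z')" != "$exp" ]; then
            echo "FAIL $key is '${got:-unset}', expected '$exp'"
            fails=$((fails + 1))
        fi
    done
    if [ -z "$(first_value "$1" AllowUsers)" ]; then
        echo "FAIL AllowUsers is unset: no user allow-list"
        fails=$((fails + 1))
    fi
    port=$(first_value "$1" Port)          # an unset Port means 22
    if [ "${port:-22}" = 22 ]; then
        echo "FAIL Port is 22 (the default)"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the page's settings, but password logins left on
# and the keyword written in lower case.
tmp=$(mktemp)
printf '%s\n' '#Port 22' 'Port 2345' 'PermitRootLogin no' \
    'AllowUsers alice bob' 'passwordauthentication yes' > "$tmp"
audit_sshd_config "$tmp" || echo "$? finding(s)"
rm -f "$tmp"
```

This checks policy only; running sshd -t before the restart checks that the file itself is valid.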