OpenSSH server – Enable and secure on Ubuntu 16.04 LTS
The OpenSSH server can authenticate users using the standard methods supported by the ssh protocol: with a password; public-key authentication, using per-user keys; host-based authentication, which is a secure version of rlogin’s host trust relationships using public keys; keyboard-interactive, a generic challenge-response mechanism that is often used for simple password authentication but which can also make use of stronger authenticators such as tokens; and Kerberos/GSSAPI.
This article will cover steps needed for root level OpenSSH access. Security can be greatly increased by disabling ssh root login permission (and enabling restricted user access), or by using public keys.
First of all pull the latest versions for all the available packages:
sudo apt update
When the task is complete, install openssh-server
sudo apt install openssh-server
If no errors are shown, check if the service is running
sudo service ssh status
Ok, so now that OpenSSH is installed and running, move on to securing the server.
Inside this file you will find multiple variables:
Search for Port and change the default value of 22 to something a bit more difficult to guess (for example: Port 13899). You can use any open port between 1024-65535.
Find MaxAuthTries and change the default value to 3. This helps prevent burte-force attacks.
After you have saved the changes to the config file, restart ssh service:
sudo service ssh restart