SSH stands for secure shell protocol which is a high encrypted one to communicate between servers. Most of people need to configure SSH Linux to log in server via secure path. As we know that many countries impose hard restriction on some websites like live broadcast and social networking services. So, many of them are in need to configure SSH Linux.
How to configure SSH Linux server?
Install OpenSSH server via the following command:
sudo apt-get install openssh-server
You will need to configure SSH Linux through editing the sshd_config file in the /etc/ssh directory.
Note: Don’t mix between these two extensions “sshd_config file” and “ssh_config file”. The fire one is the configuration file for OpenSSH server and the other is the configuration file for OpenSSH client.
Don’t forget to make a backup of your sshd_config file either by copying it to your home directory, or by making a read-only copy in /etc/ssh by doing.
Commands to do that:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
sudo chmod a-w /etc/ssh/sshd_config.factory-defaults
Once you have backed up your sshd_config file, you can make changes via with any text editor, follow the command line:
sudo gedit /etc/ssh/sshd_config
This command “sudo” is for Ubuntu 12.04 and up. To use it for older versions replace “sudo” with “gksudo”.
After you made changes, restart SSH via this command:
sudo restart ssh
How to configure SSH Linux safely?
To configure SSH Linux via a way which ensures balancing between easy-to-use and security, you will need to disable password authentication. A lot of people configure SSH Linux with weak passwords and easy to hack from many online attackers. The best solution to this problem to use SSH keys instead of passwords to be as hard as to guess SSH key. To disable password authentication replace the following line in your sshd_config file with the next line under it
#PasswordAuthentication yes
PasswordAuthentication no
Save your sshd_config file and restart SSH server, you won’t be asked for a password when you log in.
To disable forwarding replace the following first two lines in your sshd_config file with the next two line under it:
AllowTcpForwarding yes
X11Forwarding yes
AllowTcpForwarding no
X11Forwarding no
To specify which accounts can use SSH:
For example, allow Tom and Smith to connect to SSH write the following line at the bottom of config file:
AllowUsers Tom Smith
To deny them:
DenyUsers Tom Smith
You can limit the rate of which IP address can establish new SSH connection by configuring the uncomplicated firewall “ufw”
Via command line “sudo ufw limit ssh”