Home  >  Article  >  Operation and Maintenance  >  Avoid Common SSH Security Vulnerabilities and Attacks: Protect Your Linux Server

Avoid Common SSH Security Vulnerabilities and Attacks: Protect Your Linux Server

WBOY
WBOYOriginal
2023-09-08 11:02:051562browse

Avoid Common SSH Security Vulnerabilities and Attacks: Protect Your Linux Server

Avoid Common SSH Security Vulnerabilities and Attacks: Protect Your Linux Server

Introduction:
In today’s digital age, Linux servers have become a vital part of many organizations and individuals Indispensable part. However, like all Internet-related technologies, Linux servers also face security threats. Among them, SSH (Secure Shell) is a common protocol for remote management and file transfer. To ensure the security of your Linux server, this article will introduce some methods to avoid common SSH security vulnerabilities and attacks, and provide relevant code examples.

1. Change the SSH default port
By default, the SSH server listens to port 22. This can easily be discovered by hackers who can try to brute force the password. For added security, you can change the SSH port to a non-standard port, such as 2222. This reduces the risk of malicious intrusions. To change the SSH port, edit the SSH server configuration file /etc/ssh/sshd_config, find and modify the following line:

#Port 22
Port 2222

and then restart the SSH service.

2. Disable SSH password login and enable SSH key authentication
SSH password login is vulnerable to brute force attacks. For increased security, we recommend disabling SSH password login and allowing only SSH key authentication. SSH key authentication uses public and private keys for authentication, which is more secure and reliable than traditional password methods.

  1. Generate SSH key pair
    Generate an SSH key pair on the local computer. Open the terminal and enter the following command:

    ssh-keygen -t rsa

    Follow the prompts and the generated key will be saved in the ~/.ssh directory.

  2. Upload the public key to the server
    To upload the generated public key to the server, you can use the following command:

    ssh-copy-id -i ~/.ssh/id_rsa.pub user@your_server_ip

    whereuser is your username, your_server_ip is the IP address of the server.

  3. Modify SSH configuration file
    Edit SSH server configuration file/etc/ssh/sshd_config, find and modify the following lines:

    PasswordAuthentication no
    PubkeyAuthentication yes

    Then restart the SSH service.

3. Restrict SSH user login
In order to increase the security of the server, you can restrict only specific users to log in to SSH. This prevents unauthorized access.

  1. Create a dedicated SSH group
    Create a dedicated SSH user group using the following command on the Linux server:

    sudo groupadd sshusers
  2. Add Allow SSH Accessed user
    Use the following command to add the user to the SSH user group:

    sudo usermod -aG sshusers username

    where username is the username you want to add.

  3. Modify SSH configuration file
    Edit SSH server configuration file/etc/ssh/sshd_config, find and modify the following lines:

    AllowGroups sshusers

    Then restart the SSH service.

4. Limit the number of SSH login attempts
Brute force cracking is one of the common attack methods used by hackers. In order to prevent brute force cracking of SSH passwords, we can limit the number of SSH login attempts and set a period of time for failed login attempts.

  1. Install Failed Login Attempt Counter
    Install fail2ban using the following command:

    sudo apt-get install fail2ban
  2. Configurefail2ban
    Editfail2banConfiguration file/etc/fail2ban/jail.local, add the following content:

    [sshd]
    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 5
    bantime = 3600

    Then restartfail2banServe.

Summary:
You can greatly enhance your Linux by changing the SSH default port, disabling SSH password login, enabling SSH key authentication, restricting SSH user logins, and limiting the number of SSH login attempts. Server security and avoid common SSH security vulnerabilities and attacks. Protecting your server from unauthorized access is one of your responsibilities as a system administrator.

The reference code examples are for reference only, and the specific implementation may vary depending on the server environment and requirements. Please exercise caution when implementing this and make sure to back up your data to avoid unexpected situations.

The above is the detailed content of Avoid Common SSH Security Vulnerabilities and Attacks: Protect Your Linux Server. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn