Join egghead, unlock knowledge.

Want more egghead?

This lesson is for members. Join us? Get access to all 3,000+ tutorials + a community with expert developers around the world.

Unlock This Lesson
1×
Become a member
to unlock all features

Level Up!

Access all courses & lessons on egghead today and lock-in your price for life.

Autoplay

    Modify server configuration to lock down incoming SSH connections

    Mark ShustMark Shust
    bashBash

    Learn how to modify the sshd_config configuration file to lock down incoming SSH connections. You can filter and prevent incoming SSH connections by username, IP address, as well as other methods.

    Code

    Code

    Become a Member to view code

    You must be a Member to view code

    Access all courses and lessons, track your progress, gain confidence and expertise.

    Become a Member
    and unlock code for this lesson
    Discuss

    Discuss

    Transcript

    Transcript

    Instructor: 0:01 SSH by default is fairly secure. However, there are a few configuration settings you can modify to make things even more secure. Open up the sshd configuration file located at /edc/ssh/sshd_config. In this file, disable the ability to log in to the root user by toggling PermitRootLogin to no.

    0:28 If you would still like to be able to access the server with root, but don't want passwords to be used, you can also specify prohibit-password as the value, which will disable logins to root by password, but allow other connections with SSH keys. You can also completely disable password authentication for the entire server by setting the value for PasswordAuthentication to no.

    0:54 Let's say you want to lock things down even further, and only allow SSH connectivity for specific users. Search for or create the AllowUsers directive. The value for this option is a space-delimited list of users, or user IP connection strings. In this manner, you can lock down SSH for only specific users.

    1:17 You can also allow specific users only coming from specific IP addresses, or you can allow all users connecting from specific IP addresses. Be sure to restart the SSH service after applying updates to the configuration file by running service ssh restart.