Keep your server safe with a few extra steps. SSH is essential to server management. This post will walk you through some of the options available to harden OpenSSH. The instructions may work for other flavors of Linux but are intended for Ubuntu 16.04 LTS.

Warning: Messing with how SSH works can be dangerous. You can very easily lock yourself out of the server. Be careful.

OpenSSH Server Configuration

The settings file for OpenSSH on Ubuntu 16.04 is located at /etc/ssh/sshd_config. You will need to be root or use sudo to edit and control the SSH server.

Backup Configuration File

It is always a good idea to make a backup of any configuration files before editing them.

    cp /etc/ssh/sshd_config /etc/ssh/backup.sshd_config

Editing the Configuration File

I am not fancy, so I use nano for configuration file edits.

    nano /etc/ssh/sshd_config

SSH Configuration Test

After editing the configuration file, you should test that it is valid before reloading the service.

    sshd -t

Reload the Configuration File

Once you think your edits are good, reload the SSH daemon.

    sudo systemctl reload sshd

Check the Protocol

Our very first edit will be very simple. It is really more of a double check than an edit. Open /etc/ssh/sshd_config and check the line that starts with Protocol. Make sure it is set to 2 and not 1. The current default is 2.

    Protocol 2

Disable Root

Instead of using root, we should be connecting as a user with sudo permission. Make sure you have sudo set up properly before continuing. So let's disable the ability of root to log in using SSH. Inside the configuration…
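The "Check the Protocol" step above, as an added example that is not from the original post: a shell function that reports the value sshd will actually use for a keyword. sshd uses the first value it reads for each keyword, so a "Protocol 2" line added below an older Protocol line changes nothing. The function names and the sample file are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: keywords are case-insensitive, lines starting with '#' are
# comments, the first occurrence of a keyword wins, and global settings end
# at the first Match block.

effective_sshd_value() {
    # $1 = path to an sshd_config file, $2 = keyword (for example Protocol)
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                          # comment line
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim whitespace
        $0 == "" { next }
        {
            key = $0; sub(/[ \t=].*/, "", key)       # keyword ends at blank or "="
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            key = tolower(key)
            if (key == "match") exit                 # conditional section: stop
            if (key == want) { print val; exit }     # first occurrence wins
        }
    ' "$1"
}

check_protocol() {
    # Succeeds only if the effective Protocol is 2, or if no Protocol line
    # is present (the post states that the default is 2).
    value=$(effective_sshd_value "$1" Protocol)
    case "$value" in
        ""|2) return 0 ;;
        *)    echo "Protocol is '$value' in $1, expected 2" >&2
              return 1 ;;
    esac
}

# Constructed sample: "Protocol 2" was appended, but an older line still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Constructed sshd_config fragment for this example
Port 22
#Protocol 2
protocol 2,1
Protocol 2
EOF
check_protocol "$sample" || echo "Fix the first Protocol line, then run: sshd -t"
rm -f "$sample"
```

Point check_protocol at /etc/ssh/sshd_config after editing and before the reload; it reads the file only and does not replace the sshd -t syntax test.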