Tips for Secure Shell login in Linux

Secure Shell, usually called SSH, is a network protocol used to connect to a remote system and transfer data over a secured channel. The SSH protocol is mostly used on Unix-like operating systems, where it replaced telnet. The default port number of the SSH protocol is 22. All Linux flavours come with OpenSSH. SSH has many configuration options for making the communication more secure.

Configuration File of SSH

/etc/ssh/sshd_config

Configuration Tips:

Open the SSH configuration file and use the following tips for more secure communication via SSH.

* To change the default SSH port number

Port 22               <-- default port number in the SSH configuration file

Port 6589             <-- change to any number you want

* To allow only specified users of the system to log in via SSH

AllowUsers login-user1 login-user2

SSH login is allowed only for these specified users.

* To deny specified users of the system from connecting via SSH

DenyUsers login-user3 login-user4

SSH login is denied for these specified users.

* To allow only users in specified groups to log in via SSH

AllowGroups group1 group2

SSH login is allowed only for users in these groups.

* To deny users in specified groups from connecting via SSH

DenyGroups group2 group3

SSH login is denied for users in these specified groups.

* To set the grace time for entering the password

LoginGraceTime 20s

The grace time for login is set to 20s; after 20s the connection will be closed.

* To specify the maximum number of password authentication attempts

MaxAuthTries 2

After two failed login attempts with a wrong password, the server will close the connection.

* To deny remote login for users without a password

PermitEmptyPasswords no

This denies remote login via SSH for users that have no login password.

* To deny direct root login via SSH

PermitRootLogin no

The value 'no' denies root login over SSH; the value 'yes' allows it.

* To deny public key authentication

PubkeyAuthentication no

The value 'no' denies public key authentication in SSH; the value 'yes' allows public key login.
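
The four user and group lists above interact: sshd checks DenyUsers, then AllowUsers, then DenyGroups, then AllowGroups, and for most other keywords only the first occurrence in the file takes effect. The following Python is an added example, not part of the original article; `parse`, `may_login` and the sample file are hypothetical names constructed for illustration, and user@host patterns, negated patterns, Match blocks and Include files are not handled.

```python
from fnmatch import fnmatchcase

# Directives that may repeat and accumulate; every other keyword keeps its first value.
ACCUMULATE = {"port", "denyusers", "allowusers", "denygroups", "allowgroups"}

# Constructed sample: the user/group lines from the tips above combined in one file.
SAMPLE = """\
AllowUsers login-user1 login-user2
DenyUsers login-user3 login-user4
AllowGroups group1 group2
DenyGroups group2 group3
PermitRootLogin no
"""

def parse(text):
    """Return {keyword: [arguments]}; keywords are matched case-insensitively."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()
        if key == "match":  # conditional blocks are not handled here
            break
        if key in ACCUMULATE:
            cfg.setdefault(key, []).extend(args)
        else:
            cfg.setdefault(key, args)  # a later duplicate is ignored
    return cfg

def may_login(cfg, user, groups):
    """Evaluate in sshd's order: DenyUsers, AllowUsers, DenyGroups, AllowGroups."""
    def hit(key, names):
        return any(fnmatchcase(n, p) for p in cfg.get(key, []) for n in names)
    if hit("denyusers", [user]):
        return False, "DenyUsers"
    if "allowusers" in cfg and not hit("allowusers", [user]):
        return False, "not in AllowUsers"
    if hit("denygroups", groups):
        return False, "DenyGroups"
    if "allowgroups" in cfg and not hit("allowgroups", groups):
        return False, "not in AllowGroups"
    return True, "allowed"

if __name__ == "__main__":
    cfg = parse(SAMPLE)
    for user, groups in [("login-user1", ["group1"]), ("login-user1", ["group1", "group2"]),
                         ("login-user2", ["staff"]), ("login-user3", ["group1"])]:
        print(user, groups, may_login(cfg, user, groups))
```

On a live host, `sshd -t` validates the file and `sshd -T` prints the effective settings, so run both before restarting the daemon.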