SSH is the primary remote access method for Linux and Unix servers, making its security configuration critically important. A compromised SSH service gives an attacker direct shell access to the server, so hardening SSH should be a top priority in any server security plan.
Key-Based Authentication and Access Controls
Disable password authentication entirely and require SSH key pairs for all access. Generate keys with at least 4096-bit RSA or use Ed25519 for better security with shorter keys. Distribute public keys using a centralized configuration management system to ensure consistency and enable rapid key revocation when an employee departs.
Restrict SSH access to specific users and groups using the AllowUsers and AllowGroups directives. Change the default port from 22 to reduce noise from automated scanning bots, though this is not a security measure in itself. Implement port knocking or a VPN requirement for an additional layer of access control before the SSH service is even reachable.
Configure fail2ban or similar tools to monitor auth.log and automatically ban IP addresses after a configurable number of failed authentication attempts. Set ClientAliveInterval and ClientAliveCountMax to terminate idle sessions. Enable verbose logging and ship SSH authentication logs to your centralized log management system for correlation with other security events.