How to Secure SSH Access in Linux

 Introduction

SSH (Secure Shell) is the most common method for remotely accessing Linux servers. However, if left with default settings, it can be a target for brute-force attacks and unauthorized access. Securing SSH is an essential step to protect your server from threats. In this guide, we will cover practical ways to secure SSH access in Linux.

Step 1: Disable Root Login

Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find the line:

PermitRootLogin yes

Change it to:

PermitRootLogin no

➡️ This prevents attackers from directly logging in as root.

Restart SSH:

sudo systemctl restart ssh

Step 2: Change the Default SSH Port

In the same file /etc/ssh/sshd_config, look for:

#Port 22

Change it to another port (e.g., 2222):

Port 2222

Restart SSH:

sudo systemctl restart ssh

➡️ This makes it harder for automated bots scanning port 22.

Step 3: Use Key-Based Authentication

Generate SSH keys on your local machine:

ssh-keygen -t rsa -b 4096

Copy the public key to the server:

ssh-copy-id user@server

➡️ Now you can log in without a password, and disable password-based login for extra security.

Step 4: Disable Password Authentication

Edit /etc/ssh/sshd_config again and set:

PasswordAuthentication no

Restart SSH:

sudo systemctl restart ssh

➡️ This ensures only key-based logins are allowed.

Step 5: Limit User Access

Restrict which users can log in via SSH by adding this line to sshd_config:

AllowUsers yourusername

➡️ Replace yourusername with the actual allowed user.

Conclusion

By disabling root login, changing the default port, using SSH keys, and restricting access, you significantly increase the security of your Linux server. Always remember: securing SSH is one of the most important tasks for any system administrator.