First time opening an SSH server to internet, what to check
I've been running a few servers for a relatively long time, but I always only rented them, so I don't have much experience securing the actual server (as opposed to the application I'm running on it).
Now I feel like opening up my small home SSH server to the internet.
I will be the only one using it, my passwords are complicated enough, I've changed the default SSH port to something around 4000, the only accessible port is this SSH port through port-forwarding on my router/firewall, and it gets updated automatically every night (it runs Arch Linux, a rolling release distribution).
What are, if any, other things I should do to keep it secure?
Thanks!
Solution 1:
Make sure root logins are disabled PermitRootLogin no
. I would also consider disabling passwords altogether PasswordAuthentication no
and use public keys PubkeyAuthentication yes
.
Solution 2:
Make sure only SSH-2 is allowed (since SSH-1 has raised some security concerns in the past):
Protocol 2
Specify which are the only users allowed to login via SSH:
AllowUsers bob, john
For increased security, disallow password authentication and use public-key authentication:
PasswordAuthentication no
PubkeyAuthentication yes
Note: this tutorial contains instructions for creating keys and configuring public-key authentication.