SSH Security: Protecting Your Linux Server from Threats

Read the full article: SSH Security: Protecting Your Linux Server from Threats

SSH (Secure Shell) is our best friend when it comes to remote command line access to our servers. SSH (Secure Shell) is an essential tool for remote command-line access to servers. But to truly secure SSH you need to limit access to specific IPs and follow a few other best practices. Leaving SSH open to… continue reading.
2 Likes

Great article, thanks! I would also add the “port knocking” way here.

2 Likes

Thanks again, @vintka, for the great suggestion! Welcome to the forums :handshake:

Let me add that info here in the article discussion as it is indeed via your suggestion.

Port knocking is a security technique used to protect servers from unauthorized access. It involves opening ports on demand by “knocking” on a predefined sequence of ports in a specific order.

Here’s how to set up port knocking on Ubuntu:

  1. Install the Knockd daemon:
    sudo apt update && sudo apt install knockd

  2. Configure Knockd: Edit the Knockd configuration file:
    sudo vi /etc/knockd.conf

Define the port sequences and commands to execute. For example:

    [options]
    UseSyslog

    [openSSH]
    sequence    = 1000,2000,3000
    seq_timeout = 5
    command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport xxxx -j ACCEPT
    tcpflags    = syn

    [closeSSH]
    sequence    = 3000,2000,1000
    seq_timeout = 5
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport xxxx -j ACCEPT
    tcpflags    = syn

In this example:

  • openSSH: Opens the SSH port (replace xxxx with your SSH port) when the sequence 1000,2000,3000 is knocked.
  • closeSSH: Closes the SSH port when the reverse sequence 3000,2000,1000 is knocked.

  3. Start the Knockd daemon:
    sudo systemctl enable knockd
    sudo systemctl start knockd

That’s it! Be sure to test your configuration thoroughly before deploying it in a production environment.

1 Like
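
A pre-deployment check for the knockd.conf shown in the post above, as an added example that is not part of the original post or the knockd project. It flags a `--dport` placeholder that was never replaced, rules not scoped to `%IP%`, and an open rule whose `-D` counterpart does not match (in which case the close knock would leave the port open). The function name `lint_knockd` is hypothetical, and the check assumes the commands are iptables `-A`/`-I`/`-D` rules as in the post.

```python
import configparser
import re

# Constructed sample: the configuration from the post, placeholder port left in.
SAMPLE = """\
[options]
UseSyslog

[openSSH]
sequence    = 1000,2000,3000
seq_timeout = 5
command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport xxxx -j ACCEPT
tcpflags    = syn

[closeSSH]
sequence    = 3000,2000,1000
seq_timeout = 5
command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport xxxx -j ACCEPT
tcpflags    = syn
"""

def lint_knockd(text):
    """Return a list of findings for a knockd.conf passed as a string."""
    # UseSyslog has no value, and %IP% must not be treated as interpolation.
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.read_string(text)
    findings, added, deleted = [], set(), set()
    for name in cp.sections():
        cmd = cp[name].get("command")
        if cmd is None:
            continue  # [options] and similar sections run no command
        ports = [p.split(":")[0].strip() for p in cp[name].get("sequence", "").split(",")]
        if not all(p.isdigit() and 0 < int(p) < 65536 for p in ports):
            findings.append(f"{name}: sequence contains an invalid port")
        if "%IP%" not in cmd:
            findings.append(f"{name}: rule is not scoped to the knocking host (%IP%)")
        m = re.search(r"--dport\s+(\S+)", cmd)
        if m and not m.group(1).isdigit():
            findings.append(f"{name}: --dport value {m.group(1)!r} is not a port number")
        op = re.search(r"\s-([AID])\s", cmd)
        if op:
            # Drop the operation (and any -I position) so add and delete can be compared.
            rule = re.sub(r"\s-[AID]\s+(\S+)(?:\s+\d+)?", r" \1", cmd, count=1)
            (deleted if op.group(1) == "D" else added).add(" ".join(rule.split()))
    findings += [f"no matching -D for: {r}" for r in sorted(added - deleted)]
    findings += [f"-D matches no added rule: {r}" for r in sorted(deleted - added)]
    return findings

if __name__ == "__main__":
    print("\n".join(lint_knockd(SAMPLE)) or "no findings")
```
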

One of the best ideas, instead of blacklisting or whitelisting some users or IP addresses, is using a strong password for your user profile so it’s difficult to crack it and connect through SSH.

1 Like

Yes. Only if using keys isn’t an option. But even then, with strong passwords those attempting brute force should be blocked. I like using the honeypot project and also blocks by country using MaxMind.

1 Like

Bookmarked! Great article, well explained