In Part 1, we'll be discussing various ways to secure your SSH terminal. Before attempting any of these instructions, PLEASE, read the entire article first so you know what to expect! If you have any questions, ask us before attempting anything found here. We'll be glad to help clarify things for you.
1. ALWAYS use a strong and unique password!
You will also not want to use a password that you use anywhere else. If one of your other accounts that use the same password is compromised there's a chance your terminal can be, too! Hackers will try brute-force or other types of forceful attacks where they will throw hundreds, if not thousands, of generated passwords very quickly at an account in hopes of breaking in. You can do a search on the net for a password generator website or find a program you can download and use that. ALWAYS KEEP YOUR PASSWORDS SAFE!!!
2. Change your default SSH port from 22 to another port.
The default port for the SSH service is Port 22. Hackers already know this. Changing it makes it much harder for them to break in. There are 65,535 ports and some of them are already in use. The "Well Known Ports" are 1-1023 are already in use and should not be used. There are ways of finding out which other ports are already in use so you won't try to use one and cause a conflict. We'll discuss that in another article but a quick search on the net will show you a number of ways on how to do this.
In the following examples, we'll change the SSH port from "Port 22" to "Port 1234". To change your port, open your /etc/ssh/sshd_config file and edit the following line:
- #Port 22
Remove the hash "#" and change the number "22" to "1234". Always pick a number above 1023 and that is not in use. Now, that line should look like this:
- Port 1234
Notice the missing hash sign "#"! Save the file and close it.
In your terminal of choice, change the port number for the session's settings you are using to the same port number you've just changed to in the last step above.
Then you'll need to restart the SSH service with ONE of the following commands. Both are not needed...only one:
- service sshd restart
- /etc/init.d/sshd restart
If the command above worked you should see something in your terminal alerting you that the service was restarted or rebooted.
Do not forget to restart the service or you will not be able to use SSH until you do or you may have to reboot your server which will make your sites inaccessible until the reboot process is complete. During that time anything you or your users where doing may be lost! Some control panels, such as WHM/cPanel, will allow you to restart the service from inside the panel avoiding rebooting the server, while others may not. If you do not restart the service before you logout of SSH you may have contact us to see if we can help. When doing so, please specify what control panel you have installed.
That's all for now...more to come later! ;)