SSH is the main entry point to your server — which makes it the #1 target for attackers.
Basic hardening is not enough.
In this guide, you’ll take SSH security to the next level.
🔹 Change Default SSH Port
Edit config:
sudo nano /etc/ssh/sshd_config
Change the Port directive from the default 22 to:
Port 2222
🔹 Disable Root Login
PermitRootLogin no
🔹 Use SSH Keys Only (Disable Passwords)
PasswordAuthentication no
👉 Generate a key pair on your client machine:
ssh-keygen -t ed25519
Copy the public key to the server before restarting SSH, while password login still works:
ssh-copy-id user@server-ip
🔹 Limit Login Attempts
MaxAuthTries 3
LoginGraceTime 30
🔹 Allow Only Specific Users
AllowUsers youruser
🔹 Restart SSH
sudo systemctl restart ssh
⚠️ Keep your current session open and confirm that a new login works from a second terminal before you close it!
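To confirm that the settings above are the ones sshd actually applies, here is an added example (not part of the original guide) that audits configuration text against the values this guide sets. The names `audit_sshd` and `sample_config` and the sample input are constructed for illustration; the sample exercises the case where an earlier `PasswordAuthentication yes` wins, because sshd keeps the first value it reads for each keyword.

```shell
#!/bin/sh
# audit_sshd (hypothetical helper): read sshd configuration text on stdin and
# compare it with the values this guide sets. Only the global section is checked.
audit_sshd() {
    awk '
    BEGIN {
        want["permitrootlogin"] = "no"
        want["passwordauthentication"] = "no"
        want["maxauthtries"] = "3"
        want["logingracetime"] = "30"
    }
    /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
    tolower($1) == "match" { exit }      # stop at the first Match block
    {
        key = tolower($1)
        if (key == "port") { ports++; if ($2 == "22") port22 = 1 }
        # sshd keeps the FIRST value it reads for a keyword; later ones are ignored.
        if (!(key in val)) val[key] = tolower($2)
    }
    END {
        for (k in want)
            if (val[k] != want[k]) {
                printf "FAIL %s: effective \"%s\", guide sets \"%s\"\n", k, val[k], want[k]
                bad++
            }
        if (ports == 0 || port22) { print "FAIL port: sshd still listens on 22"; bad++ }
        if (!("allowusers" in val)) { print "FAIL allowusers: not set"; bad++ }
        if (bad == 0) print "OK: matches the guide"
        exit (bad > 0)
    }'
}

# Constructed sample: a line read earlier (for example from an included file)
# followed by the settings from this guide.
sample_config() {
    cat <<'EOF'
# read first
PasswordAuthentication yes
# settings from the guide
Port 2222
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
LoginGraceTime 30
AllowUsers youruser
EOF
}
sample_config | audit_sshd || true   # reports the PasswordAuthentication failure
```

On the server, feed it the effective configuration with `sudo sshd -T | audit_sshd`; `sshd -T` prints the settings after all included files have been resolved.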
🔹 Use Firewall Protection
Example with UFW:
sudo ufw allow 2222/tcp
sudo ufw enable
🔹 Extra Protection Layers
- 🔐 Combine with Fail2Ban
- 🌍 Restrict access by IP
- 🔑 Use hardware keys (YubiKey)
🔹 Check Logs
sudo journalctl -u ssh
🔹 Common Mistakes
❌ Locking yourself out
❌ Not opening the new port in the firewall
❌ Weak SSH keys
🔹 Conclusion
With proper SSH hardening:
- You eliminate 90% of attacks
- Your server becomes significantly safer
- You gain full control over access