Enable face it, the Secure Shell (SSH) daemon running on your VPS is the most sensitive service available to attack on your system. Any hacker worth their sodium will first try to get access to your VPS via SSH along with 99. 9% of all VPS attached to the internet run this service by default and on their public IP.
If somebody gains entry to your VPS via the SSH assistance, you
can kiss your information and entire VPS goodbye. This can be a ultimate
goal for any would-be hacker thus, needs to be the right off the bat
you secure as a VPS supervisor.
I'm likely to show you how to take three simple precautions with all
the SSH service that will quit most hackers and script kiddies inside
their tracks. So what will anyone learn?
How and why to change the port SSH listens upon
How to disable password based use of SSH and only allow critical based access
Monitor failed SSH login attempts and automatically block the originating IP using an Intrusion Detection System
Using the three steps outlined above it is possible to greatly
improve the security regarding any publicly available SSH service
running with a VPS and with no further financial cost to yourself, and
so let's gets started.
Changing the actual SSH Listening Port
This is the easiest of the three measures to implement, but it
really does reduce how many unauthorised login attempts to the VPS via
the SSH services. The default SSH port will be 22 and every security
check made against a VPS will always check if this port can be open. So
let's close it through moving the port well dealt with.
Login to your VPS with root privileges
Edit the following file /etc/ssh/sshd_config (e. g. mire
Change the Port entry by 22 to something between 1025 and 65535 making
sure you aren't already using the port for something different (run
netstat -nap to check)
Spend less the changes
Restart the SSH program (normally /etc/init. d/sshd restart)
In addition, changing the default port also makes it simple for
you to catch unauthorised people seeking to gain access the SSH service
when used in conjunction with the Intrusion Detection System detailed
later on in this post, so changing the SSH port is indeed a win, win