Securing SSH is crucial for protecting servers, cloud instances, and remote systems from unauthorized access. Here are the best security practices to follow when using SSH in Red Hat Linux.


1. Disable Root Login

Allowing direct SSH access for the root user is risky. Disable it to force users to log in as a regular user first and then escalate privileges.

How to Disable Root Login:

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find the line:

PermitRootLogin yes

Change it to:

PermitRootLogin no

Save the file, then restart SSH:

sudo systemctl restart sshd

2. Use SSH Keys Instead of Passwords

Passwords can be guessed or stolen, but SSH keys provide stronger authentication.

How to Set Up SSH Key Authentication:

  • Generate SSH keys on your local machine:
ssh-keygen -t rsa -b 4096
  • Copy the public key to the remote server:
ssh-copy-id username@server-ip
  • Ensure the keys are in the correct location on the server:
ls ~/.ssh/authorized_keys
  • Disable password authentication in SSH config, after confirming that key-based login works:
sudo nano /etc/ssh/sshd_config

Change:

PasswordAuthentication yes

To:

PasswordAuthentication no

Restart SSH:

sudo systemctl restart sshd

3. Change the Default SSH Port

Attackers often target port 22, the default SSH port. Changing it can reduce automated attacks.

How to Change SSH Port:

Edit the SSH config file:

sudo nano /etc/ssh/sshd_config

Find the line:

Port 22

Change it to another number, such as 2222:

Port 2222

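Save the file. On Red Hat systems with SELinux enforcing, sshd can only bind to a port labeled ssh_port_t, and firewalld must allow the port as well; update both first. Then restart SSH: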

sudo systemctl restart sshd

Now, connect using the new port:

ssh -p 2222 username@server-ip

4. Use Fail2Ban to Block Repeated Login Attempts

Fail2Ban helps prevent brute-force attacks by blocking IPs that try too many incorrect logins.

How to Install and Configure Fail2Ban:

  • Install Fail2Ban (on Red Hat it is packaged in the EPEL repository, which must be enabled first):
sudo yum install fail2ban -y
  • Create a configuration file:
sudo nano /etc/fail2ban/jail.local
  • Add the following rules:
[sshd]
   enabled = true
   port = ssh
   filter = sshd
   maxretry = 3
   bantime = 600
  • Restart Fail2Ban:
sudo systemctl restart fail2ban

5. Limit SSH Access to Specific IPs

Restrict SSH access to trusted IP addresses to prevent unwanted login attempts.

How to Limit SSH Access:

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

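Add this line. Once AllowUsers is set, only the users it lists can log in, and the @host part limits where they can connect from: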

AllowUsers username@your-trusted-ip

Restart SSH:

sudo systemctl restart sshd

6. Use Two-Factor Authentication (2FA) for SSH

Adding 2FA requires a one-time code from an authenticator app in addition to the normal login, making SSH logins even more secure.

How to Set Up 2FA:

  • Install the Google Authenticator PAM module:
sudo yum install google-authenticator -y
  • Configure authentication:
google-authenticator

Follow the on-screen instructions.

  • Edit the SSH PAM configuration:
sudo nano /etc/pam.d/sshd

Add:

auth required pam_google_authenticator.so
  • Modify the SSH configuration:
sudo nano /etc/ssh/sshd_config

Add:

ChallengeResponseAuthentication yes
  • Restart SSH:
sudo systemctl restart sshd
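
The sshd_config edits in sections 1, 2 and 5 only take effect if the edited line is the one sshd honors: it keeps the first value it reads for each keyword. The script below is an added example, not part of the original article; it audits a constructed sample file, and sshd_value and audit_sshd_config are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: audit an sshd_config file against the settings this page recommends.
# sshd keeps the FIRST value it reads for a keyword and keywords are case-insensitive,
# so a corrected line placed below an older one has no effect.
# Assumption: only global settings are read; Match blocks and Include files are not followed.

# Print the effective global value of keyword $2 in file $1 (prints nothing if unset).
sshd_value() {
  awk -v key="$2" '
    BEGIN { key = tolower(key) }
    { sub(/^[ \t]+/, "") }                  # drop leading whitespace
    /^#/ || /^$/ { next }                   # skip comments and blank lines
    { split($0, f, /[ \t=]+/) }             # f[1] keyword, f[2] first argument
    tolower(f[1]) == "match" { exit }       # the global section ends at the first Match
    tolower(f[1]) == key { print tolower(f[2]); exit }   # first occurrence wins
  ' "$1"
}

# Print one FAIL line per unmet recommendation; return 0 only when there are none.
audit_sshd_config() {
  audit_fails=0
  audit_v=$(sshd_value "$1" PermitRootLogin)
  [ "$audit_v" = "no" ] || { echo "FAIL PermitRootLogin=${audit_v:-unset}"; audit_fails=1; }
  audit_v=$(sshd_value "$1" PasswordAuthentication)
  [ "$audit_v" = "no" ] || { echo "FAIL PasswordAuthentication=${audit_v:-unset}"; audit_fails=1; }
  audit_v=$(sshd_value "$1" AllowUsers)
  [ -n "$audit_v" ] || { echo "FAIL AllowUsers=unset"; audit_fails=1; }
  [ "$audit_fails" -eq 0 ]
}

# Constructed sample file: the "no" on the last line is shadowed by the earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config, not taken from a real host
Port 2222
PermitRootLogin no
passwordauthentication yes
AllowUsers username@192.0.2.10
PasswordAuthentication no
EOF

audit_sshd_config "$sample" || echo "configuration needs attention"
```

On a live host, sudo sshd -T prints the effective configuration with Include files resolved, which is the authoritative view to check before restarting sshd.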

Summary

By applying these advanced security practices, you can significantly reduce security risks when using SSH in Red Hat Linux. Whether you're managing cloud infrastructure, handling servers, or working remotely, securing SSH is a critical step in maintaining a safe computing environment.