Securing SSH and the root login configuration
For this section, we are going to show some basic and advanced ways to secure the SSH service to mitigate more threats. We will need to make some minor changes to the /etc/ssh/sshd_config file. We will explain every line as we change it gradually:
$ sudo nano /etc/ssh/sshd_config
Uncomment the SSH version 2 line to use only the newer version of SSH, which is more secure and reliable. The line should look like the following:
Protocol 2
We can limit users' access to restrict some users from accessing the server. We do this using SSH:
DenyUsers Baduser1 baduser2
Then we can set up the time out for the SSH connection to always close the sessions that are not active for a defined period of time. We need to set the countdown to start from the moment the session became idle:
ClientAliveInterval 360 ClientAliveCountMax 0
Then we can disable the root login using SSH:
PermitRootLogin no
In addition, we can disable empty password usage, whereby users do...
