Linux SSH Server (sshd) Configuration and Security Options With Examples
Last Updated :
20 Mar, 2025
SSH is short for Secure Shell or Secure Socket shell. According to Wikipedia, the Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. sshd is short for Secure shell daemon. SSH is one of the most reliable ways that you can choose to secure your Linux server-Virtual Private Server, which may be hosted on the Cloud or a server that you have hosted locally on your machine.
This article assumes that you already have ssh utilities installed on your Linux machine.
Configuration and Security Options
Step 1: Generate ssh key pairs using the keygen utility.
Open your Linux terminal and connect to your server. Next on the client side(open another terminal) run the following commands to log in using ssh key pairs. To generate public and private key pairs execute the below command:
ssh-keygen -t rsa -b 2048 -C “put any comments here”
To view, the id_rsa.pub key, then run execute the below command.
cat .ssh/id_rsa.pub
The below command lists the contents of the id_rsa file.
cat.ssh/id_rsa
Step 2: Now copy the keys to your virtual machine
Run the below command on your machine to copy the keys.
ssh-copy-id {username}@{ipaddress}
Step 3: If you want to disable password authentication, open sshd configuration by running(It is recommended)
sudo vim /etc/ssh/sshd_config
Look for the PasswordAuthentication option and change it to no
Remove the “#” symbol before the PasswordAuthentication (or any option that you wish to modify) and change it to no. Make sure that the PubkeyAuthentication is set to yes The authorized keys file shows all the keys that you have generated.
Now restart the ssh service by running the below command:
systemctl restart ssh
When you open the sshd configuration, you will notice many options there. We will discuss some of them here.
Option 1: Port 22
The port by default is set to 22. If you wish to change the default settings, remove the comments and enter a port of your choice. It is recommended that you do not use port 22 as anyone trying the infiltrate your system is most likely to check port 22 for vulnerabilities first.
changing port number
Option 2: AddressFamily
This allows you to configure the type of addresses you want to connect to your server like ssh, bastion(for linux machine hosted virtually on Microsoft Azure), ipv4, ipv6, etc. The default is ‘Any’ which allows you to connect to your server using any protocol.
Option 3: MaxAuthTries
This allows you to set the maximum limit to wrong password entries. It is essential because it helps to protect your server against possible brute-force attacks.
Option 4: MaxSessions
This option allows you to enter a limit on the number of sessions that a user can have active. Just in case the user ever leaks their passwords, this option provides additional security.
Max Auth Tries and Max Sessions- changing the defaults
Option 5: Choosing your desired algorithm
The default algorithm for public and private keys is the RSA algorithm. However, you can change the type of the algorithm to suit your needs using the following key generation command:
ssh-keygen -t {put the name of your desired algorithm over here} -b 2048 -C “put any comments here”
Similar Reads
Spring Security Project Example using Java Configuration
Spring Security is a powerful framework for securing Java web applications. It provides authentication (verifying users) and authorization (controlling access) to protect our app from threats like CSRF attacks, session fixation, and brute-force attacks. With easy integration into Spring Boot and sup
6 min read
Securing Spring Cloud Config Server with Basic Authentication
Spring Cloud Config Server provides externalization for distributed systems. With the increasing importance of microservices, centrally managing configurations becomes crucial. Securing this configuration server is equally important to prevent unauthorized access. Basic authentication is a simple an
4 min read
Installation and configuration of DHCP server on UBUNTU
A network technology called Dynamic Host Configuration technology (DHCP) allows the host of all the systems to receive IP addresses and associated network configurations automatically from an internal server. It makes using services like DNS, NTP, and any UDP or TCP-based communication protocol poss
4 min read
Configuring Port Security on Cisco IOS Switch
Overview :Switch is a network device, which is configured to connect and maintain communication channel between various devices. Ethernet ports are present on a switch, which are used to connect devices, such as Router, computer system and Laptop in the network. To connect all these network, Etherne
4 min read
How to use SSH to connect to a remote server in Linux | ssh Command
Secure Shell, commonly known as SSH, is like a super-secure way to talk to faraway computers, called servers. It's like a secret tunnel on the internet that keeps your conversations safe and private. Imagine you're sending a letter, and instead of sending it openly, you put it in a magic envelope th
8 min read
Setting Up and Configuring a Linux Mail Server
Setting up and configuring a Linux mail server is a crucial task for individuals and organizations seeking to manage their email communication efficiently and securely. This article will guide you through the process of establishing a robust mail server on a Linux system, covering essential steps su
7 min read
How to Control Systemd Services on Remote Linux Server
Linux, SysV, and LSB init scripts are compatible with Systemd, a system and service manager. Aggressive parallelization capabilities are offered by Systemd, which also offers on-demand daemon starting and uses Linux cgroups to keep track of processes. Systemd also supports system snapshotting and re
2 min read
Implementing OAuth2 with Spring Security: A Step-by-Step Guide
OAuth is an authorization framework that creates a permissions policy and enables applications to have limited access to user accounts on HTTP services such as Facebook, GitHub, and Google. It works by allowing the users to authorize third-party applications to access their data without sharing thei
8 min read
username Command in Linux With Examples
Linux as an operating system holds the capabilities of handling multiple users each with a username and a display name (Full Name). So it is important to keep a check on the users and their related information in order to maintain the integrity and security of the system. Whenever a user is added it
4 min read
How to Setup Central Logging Server with Rsyslog in Linux
This article will show us how to use Rsyslog to set up Linux as a centralized logging service. When managing logs from various systems, a centralized Rsyslog setup is advantageous. All log entries from client servers will be sent to the host server, which will allow them to be monitored and preserve
4 min read