Linux SSH Server (sshd) Configuration and Security Options With Examples
Last Updated :
20 Mar, 2025
SSH is short for Secure Shell or Secure Socket shell. According to Wikipedia, the Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. sshd is short for Secure shell daemon. SSH is one of the most reliable ways that you can choose to secure your Linux server-Virtual Private Server, which may be hosted on the Cloud or a server that you have hosted locally on your machine.
This article assumes that you already have ssh utilities installed on your Linux machine.
Configuration and Security Options
Step 1: Generate ssh key pairs using the keygen utility.
Open your Linux terminal and connect to your server. Next on the client side(open another terminal) run the following commands to log in using ssh key pairs. To generate public and private key pairs execute the below command:
ssh-keygen -t rsa -b 2048 -C "put any comments here"
To view, the id_rsa.pub key, then run execute the below command.
cat .ssh/id_rsa.pub
The below command lists the contents of the id_rsa file.
cat.ssh/id_rsa
Step 2: Now copy the keys to your virtual machine
Run the below command on your machine to copy the keys.
ssh-copy-id {username}@{ipaddress}
Step 3: If you want to disable password authentication, open sshd configuration by running(It is recommended)
sudo vim /etc/ssh/sshd_config
Look for the PasswordAuthentication option and change it to no
Remove the "#" symbol before the PasswordAuthentication (or any option that you wish to modify) and change it to no. Make sure that the PubkeyAuthentication is set to yes The authorized keys file shows all the keys that you have generated.
Now restart the ssh service by running the below command:
systemctl restart ssh
When you open the sshd configuration, you will notice many options there. We will discuss some of them here.
Option 1: Port 22
The port by default is set to 22. If you wish to change the default settings, remove the comments and enter a port of your choice. It is recommended that you do not use port 22 as anyone trying the infiltrate your system is most likely to check port 22 for vulnerabilities first.
changing port numberOption 2: AddressFamily
This allows you to configure the type of addresses you want to connect to your server like ssh, bastion(for linux machine hosted virtually on Microsoft Azure), ipv4, ipv6, etc. The default is 'Any' which allows you to connect to your server using any protocol.
Option 3: MaxAuthTries
This allows you to set the maximum limit to wrong password entries. It is essential because it helps to protect your server against possible brute-force attacks.
Option 4: MaxSessions
This option allows you to enter a limit on the number of sessions that a user can have active. Just in case the user ever leaks their passwords, this option provides additional security.
Max Auth Tries and Max Sessions- changing the defaultsOption 5: Choosing your desired algorithm
The default algorithm for public and private keys is the RSA algorithm. However, you can change the type of the algorithm to suit your needs using the following key generation command:
ssh-keygen -t {put the name of your desired algorithm over here} -b 2048 -C "put any comments here"
Similar Reads
Spring Security Project Example using Java Configuration
Spring Security is a powerful framework for securing Java web applications. It provides authentication (verifying users) and authorization (controlling access) to protect our app from threats like CSRF attacks, session fixation, and brute-force attacks.With easy integration into Spring Boot and supp
6 min read
Auditd Tool for Security Auditing on Linux Server
Auditd is short for Linux Audit Daemon which is a tool in Linux used for the process of collecting and writing the audit log files of the system. The term "daemon" is used for the processes which run in the background of service in work, this means that this tool is continuously operating behind the
4 min read
Spring Security - Custom Form Login with Example
Spring Security is a framework that allows a programmer to use JEE components to set security limitations on Spring-framework-based Web applications. In a nutshell, it’s a library that can be utilized and customized to suit the demands of the programmer. Because it is a part of the same Spring famil
8 min read
Securing Spring Cloud Config Server with Basic Authentication
Spring Cloud Config Server provides externalization for distributed systems. With the increasing importance of microservices, centrally managing configurations becomes crucial. Securing this configuration server is equally important to prevent unauthorized access. Basic authentication is a simple an
4 min read
Configuring Port Security on Cisco IOS Switch
Overview :Switch is a network device, which is configured to connect and maintain communication channel between various devices. Ethernet ports are present on a switch, which are used to connect devices, such as Router, computer system and Laptop in the network. To connect all these network, Etherne
4 min read
usermod command in Linux with Examples
usermod command or modify user is a command in Linux that is used to change the properties of a user in Linux through the command line. After creating a user we have to sometimes change their attributes like password or login directory etc. so in order to do that we use the Usermod command. The info
4 min read
How to use SSH to connect to a remote server in Linux | ssh Command
Secure Shell, commonly known as SSH, is like a super-secure way to talk to faraway computers, called servers. It's like a secret tunnel on the internet that keeps your conversations safe and private. Imagine you're sending a letter, and instead of sending it openly, you put it in a magic envelope th
8 min read
How to Control Systemd Services on Remote Linux Server
Linux, SysV, and LSB init scripts are compatible with Systemd, a system and service manager. Aggressive parallelization capabilities are offered by Systemd, which also offers on-demand daemon starting and uses Linux cgroups to keep track of processes. Systemd also supports system snapshotting and re
2 min read
username Command in Linux With Examples
Linux as an operating system holds the capabilities of handling multiple users each with a username and a display name (Full Name). So it is important to keep a check on the users and their related information in order to maintain the integrity and security of the system. Whenever a user is added it
4 min read
limits.conf File To Limit Users, Process In Linux With Examples
Linux gives full control over the system. In this article, we are going to learn about the file limits.conf. limits.conf is a configuration that is used to limit the resources to the user, groups. Now let's understand the file structure of limits.conf and how can we use the limits.conf to limit reso
6 min read