Top SSH Security Tips on AlmaLinux 9

This guide provides top security tips for the SSH server on AlmaLinux 9. SSH is a protocol used to secure remote logins and file transfers, and securing your SSH server is essential to increasing your security on AlmaLinux.

Explore Top SSH Security Tips on AlmaLinux 9

Before you start, you must access your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can check the AlmaLinux 9 Initial Setup Guide.

Now follow the steps below to complete this guide.

Step 1 – Install SSH Server on AlmaLinux 9

The SSH server should be installed by default on AlmaLinux 9. If it is not, you must install it. To do this, run the system update and install the OpenSSH server package:

sudo dnf update -y
sudo dnf install openssh-server -y

Step 2 – Start and Enable SSH Service on AlmaLinux 9

Once the installation is completed, your SSH service should be active. You can verify it by using:

sudo systemctl status sshd


If it is not active, you need to start and enable the SSH service. To do this, you can run the following commands:

sudo systemctl enable sshd
sudo systemctl start sshd

Step 3 – Configure FirewallD Rules For SSH Server

At this point, we assume that you have enabled firewalld. Now you must allow SSH traffic through your FirewallD rules. To do this, you can run:

sudo firewall-cmd --add-service=ssh --permanent

Then, reload the firewall to apply the new rules:

sudo firewall-cmd --reload

Step 4 – Increase SSH Security on AlmaLinux 9

At this point, we want to discuss security tips for SSH on your AlmaLinux 9. Follow the steps below to see how you can increase your SSH server security.

Change SSH Default Port

It is always recommended to change the default SSH port, which is port 22. To do this, open your SSH config file with your desired text editor, such as Vi or Nano:

sudo vi /etc/ssh/sshd_config

In the file, search for the Port directive. Uncomment this line and set your desired port for it. For example, we set it to 4585.

When you are done, save and close the file.

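Then, you must allow your new SSH port through your firewall rules. firewall-cmd expects the port together with its protocol, so in this case you can run:

sudo firewall-cmd --permanent --add-port=4585/tcp
sudo firewall-cmd --reload

If SELinux is in enforcing mode, the new port must also be labelled with the ssh_port_t type (using semanage port); otherwise sshd cannot bind to it.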

Note: For more Firewalld settings, you can check Firewalld Configuration on AlmaLinux 9.

Now you can connect to your SSH server by using the following syntax:

ssh -p <port> <username>@<ip_address>

Disable SSH Root Login on AlmaLinux

Another way that you can increase your SSH server security is to disable SSH root logins on AlmaLinux 9. This reduces the risk of brute-force attacks. To do this, open your SSH config file:

sudo vi /etc/ssh/sshd_config

Find the PermitRootLogin line and change its value to no.

When you are done, save and close the file.

Block SSH Access for Users without Password

If you have users that don't have a password, you can block SSH access for them. This will help you to increase your SSH server security on AlmaLinux 9. Open your SSH config file:

sudo vi /etc/ssh/sshd_config

Look for the PermitEmptyPasswords line, uncomment it, and change its value to no.

When you are done, save and close the file.

Use SSH Protocol 2 in AlmaLinux

As you may know, SSH comes in two versions: SSH Protocol 1 and Protocol 2. Protocol 2 is more secure. To enable SSH Protocol 2, open your SSH config file again:

sudo vi /etc/ssh/sshd_config

Below the Include /etc/ssh/sshd_config.d/*.conf line, add the following line:

Protocol 2

When you are done, save and close the file.

Limit SSH Login Attempts

By default, the SSH server on AlmaLinux 9 accepts several authentication attempts before it drops a connection. You can limit this to make password guessing harder. To do this, open your SSH config file:

sudo vi /etc/ssh/sshd_config

Find the MaxAuthTries line, uncomment it, and change its value to your desired number of attempts.

Important Note: Every time you edit your SSH config file, remember to restart your SSH service to apply the changes:

sudo systemctl restart sshd
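
The settings changed in Step 4 can be checked after each edit. The script below is an added example, not part of the original guide: sshd uses the first value it obtains for each keyword, so a file pulled in by the Include /etc/ssh/sshd_config.d/*.conf line can override an edit made further down in the main file. The function names, the default limit of 3 attempts, and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the guide: audit the sshd_config settings from Step 4.
# Assumes absolute Include paths and "Keyword value" lines; Match blocks are skipped.

# Emit "keyword value" pairs in the order sshd reads them, expanding Include
# globs in place so drop-in files named at the top of the main file come first.
sshd_lines() {
    while read -r key val; do
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case "$key" in
            ''|'#'*) ;;                       # blank line or comment
            match) break ;;                   # conditional section: out of scope
            include) for f in $val; do        # unquoted so the shell expands the glob
                         [ -f "$f" ] && sshd_lines "$f"
                     done ;;
            *) printf '%s %s\n' "$key" "$val" ;;
        esac
    done < "$1"
}

# sshd uses the first value it obtains for a keyword; otherwise its built-in default.
effective() {   # effective FILE KEYWORD DEFAULT
    v=$(sshd_lines "$1" | awk -v k="$2" '$1 == k && !seen++ { print tolower($2) }')
    printf '%s\n' "${v:-$3}"
}

# Print one line per deviation from the guide; return 1 if there is any.
audit_sshd() {  # audit_sshd FILE [LIMIT]; LIMIT is a hypothetical site value
    cfg=$1 limit=${2:-3} rc=0
    [ "$(effective "$cfg" port 22)" != 22 ] || { echo "Port is still 22"; rc=1; }
    [ "$(effective "$cfg" permitrootlogin prohibit-password)" = no ] ||
        { echo "PermitRootLogin is not 'no'"; rc=1; }
    [ "$(effective "$cfg" permitemptypasswords no)" = no ] ||
        { echo "PermitEmptyPasswords is not 'no'"; rc=1; }
    [ "$(effective "$cfg" maxauthtries 6)" -le "$limit" ] ||
        { echo "MaxAuthTries exceeds $limit"; rc=1; }
    return "$rc"
}

# Constructed sample: the main file follows the guide, but a made-up drop-in
# that is read first still enables root login.
demo() {
    d=$(mktemp -d)
    printf 'PermitRootLogin yes\n' > "$d/01-root.conf"
    printf 'Include %s/*.conf\nPort 4585\nPermitRootLogin no\n' "$d" > "$d/sshd_config"
    printf 'PermitEmptyPasswords no\nMaxAuthTries 3\n' >> "$d/sshd_config"
    audit_sshd "$d/sshd_config"; status=$?
    rm -rf "$d"; return "$status"
}
demo || true
```

On a live server, call audit_sshd /etc/ssh/sshd_config with sudo, and run sudo sshd -t to check the file for syntax errors before restarting the service.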

Use SSH Key Pairs

SSH key pairs are two cryptographically secure keys that can be used to authenticate a client to an SSH server. You can use this option to increase your SSH server security in AlmaLinux 9. To do this, you can generate SSH key pairs and connect to your server without a password. For generating SSH key pairs, you can check this guide on Generating SSH Key Pairs in Linux.

Final Thoughts on SSH Server Security

As you know, SSH server security is an essential component of increasing your server security. By following these tips, you can reduce the risk of attacks. Always remember to keep your system updated and monitored. Hope you enjoy it.
