Hardening SSH

I use SSH on a daily basis, both with my Digitalocean cloud servers, as well as my home media servers.
I was doing a some research on how to make my connections a little more secure. There are a few simple things you can do in just a few minutes to accomplish this.

Block root access

Once you are logged into your server, either remotely or with physical access, type the following command
vi /etc/ssh/sshd_config Once there, you will see a line that says PermitRootLogin simply change the default "yes" to "no". After doing this, you will need to restart ssh by typing service ssh restart

Change port number

In that same sshd_config file, you can change the port number from the default 22 to whatever you want, as long as it's not in use by another service. Keep in mind, you will need to open the new port you have chosen on your firewall and define that port number when you login.

Block users

In sshd_config you will also see an Authentication section. Here, you will need to add the line AllowUsers and then add the names of authorized users, seperating each with a space. Now, these users will be the only ones allowed in via SSH. If this is a remote server, be sure to test your changes before removing root access.
Feel free to contact me dennis@thecommongeek.com