over 7 years ago
On Ubuntu 14.04, the conifg file for sshd is located at:
/etc/ssh/sshd_config
Before making any modification, make a copy of the original config and make it read-only:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
sudo chmod a-w /etc/ssh/sshd_config.factory-defaults
Then, open up sshd_config and modify the following lines:
LogLevel VERBOSE # also logs failed attempts, the log file can be found at /var/log/auth.log
AllowUsers user1 user2@10.0.0.1 # only allow user1 and user2 from 10.0.0.1 for example
PasswordAuthentication no # disable password login, use public key login instead
AllowTcpForwarding no # do not allow forwarding
X11Forwarding no
Restart ssh service to make the new config effective:
sudo service ssh restart
To limit the number of login attempts during a time period, enable the Uncomplicated Firewall by:
sudo ufw enable
Then, limit the number of ssh login attempts within 30 seconds to be 10 tries. More attempts will be dropped by issuing this command:
sudo ufw limit ssh
How to config your client
Once the server config has taken effect, you need to update your client ssh config which is found at ~/.ssh/config on your computer.
Host tinBox
HostName 11.12.13.14
User root
PubKeyAuthentication Yes
IdentityFile ~/.ssh/private_key
Make sure PubKeyAuthentication and a absolute/relative path to the private_key are added.
