over 1 year ago

On Ubuntu 14.04, the conifg file for sshd is located at:

/etc/ssh/sshd_config

Before making any modification, make a copy of the original config and make it read-only:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
sudo chmod a-w /etc/ssh/sshd_config.factory-defaults

Then, open up sshd_config and modify the following lines:

LogLevel VERBOSE # also logs failed attempts, the log file can be found at /var/log/auth.log

AllowUsers user1 user2@10.0.0.1 # only allow user1 and user2 from 10.0.0.1 for example

PasswordAuthentication no # disable password login, use public key login instead

AllowTcpForwarding no # do not allow forwarding

X11Forwarding no

Restart ssh service to make the new config effective:

sudo service ssh restart

To limit the number of login attempts during a time period, enable the Uncomplicated Firewall by:

sudo ufw enable

Then, limit the number of ssh login attempts within 30 seconds to be 10 tries. More attempts will be dropped by issuing this command:

sudo ufw limit ssh

How to config your client

Once the server config has taken effect, you need to update your client ssh config which is found at ~/.ssh/config on your computer.

Host tinBox
HostName 11.12.13.14
User root
PubKeyAuthentication Yes
IdentityFile ~/.ssh/private_key

Make sure PubKeyAuthentication and a absolute/relative path to the private_key are added.

← Enable logging in Postgresql The Number of Parallel Connections →
 
comments powered by Disqus