As we all know, every server can be accessed in two ways, i.e. through an interface and through a terminal. SSH is the protocol mainly used to connect to a server remotely in a secure way. Through the SSH program, we can execute commands on the remote server machine, since the protocol provides a secure, encrypted connection. It is very reliable to use and executes commands effectively.

SSH connection requests and authenticated, protected remote access are handled by the daemon called sshd. sshd (OpenSSH) is the daemon program for ssh; it runs continuously in the background of Linux/Unix-based servers to support remote access over ssh. The main difference between this daemon and ssh is that “ssh is a command that is used to connect to and control remote machines, and sshd is the daemon program that serves ssh connections”.

The sshd daemon continuously listens on the server's network for incoming remote SSH connection requests. It handles remote login requests in a very secure manner and also supports file transfer while guarding against credential and network spoofing, so that your server stays in a secure position. By default, the sshd daemon (OpenSSH) supports protocols 1 and 2, and these protocol options can be edited through the sshd_config file. Protocol 2 supports both DSA and RSA keys, but protocol 1 supports RSA keys alone. Both protocols use a host key to identify the host.

The commands below are useful for changing the SSH configuration, either through options of the sshd daemon or through its config file, i.e. sshd_config.

To restrict the IP address version, use the following commands:

sshd -4
sshd -6

In the above commands, -4 and -6 represent the IP address version, i.e. IPv4 or IPv6.

To increase the SSH grace time, i.e. the time allowed for an SSH client to authenticate its login, use the command:

sshd -g 15

In the above command, the number 15 sets a grace time of 15 seconds for an SSH client to authenticate its login.

To change SSH from the default port to another port number:

Every sshd_config has port number 22 as the default for SSH access, which means that port 22 carries all the encrypted connections. All remote SSH connections happen through this port. We at ServerCake India highly recommend that you change the default SSH port number. All you need to do is replace the port number with your desired port. The steps below will help you complete this task.

Step 1: Log in over SSH as the root user

Step 2: Run the command below as the root user

vi /etc/ssh/sshd_config

In the above command we used the vi editor; you may use your favorite editor instead.

Step 3: Once sshd_config is open for editing, find the #Port 22 line, replace the port number 22 with your desired port number and save the file.

Step 4: Restart the sshd service to apply the changes you just made

service sshd restart

Note: The port that you assign for SSH must be open in all server firewalls.

To restrict root SSH login and enable wheel user login:

Preventing root SSH login is one of the additional security methods for securing your server further. Follow the steps below in PuTTY to make the stated changes.

Step 1: Add the admin user to your wheel group

WHM -> Security Center -> Manage Wheel Group Users

Step 2: Run the command below as the root user, find the parameter PermitRootLogin yes, and change it to no

vi /etc/ssh/sshd_config

Step 3: Restart the sshd service to apply the changes you just made

service sshd restart

Once you have completed every step above, try logging in over SSH as root; it should throw a message saying that root login has been restricted. Then log in as the wheel user and use the su command, which will bring you to a root login.
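
The two sshd_config edits from the steps above, as an added shell example that is not part of the original article: it turns the commented #Port 22 line into a live setting, removes leftover Port lines, and reports the value sshd will actually use. The function names, the sample file and port 2222 are assumptions made for illustration.

```shell
# Added example, not from the original article. Work on a COPY of sshd_config.

# Print the value sshd will use for a global KEYWORD: keywords are
# case-insensitive, "#" lines are ignored, the first value wins, and lines
# after a "Match" line are conditional, so the scan stops there.
effective_setting() {   # usage: effective_setting FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0         { next }
        tolower($1) == "match"        { exit }
        tolower($1) == tolower(key)   { print $2; exit }
    ' "$1"
}

# Set KEYWORD to VALUE: the first "KEYWORD x" or "#KEYWORD x" line becomes an
# uncommented "KEYWORD VALUE"; later duplicates are dropped (sshd would listen
# on every remaining Port line). If none exists, add it before any Match block.
set_setting() {   # usage: set_setting FILE KEYWORD VALUE
    awk -v key="$2" -v val="$3" '
        function emit() { if (!done) { print key " " val; done = 1 } }
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line); sub(/[ \t]+$/, "", line)
            n = split(line, f, /[ \t]+/)
        }
        !in_match && tolower($1) == "match" { emit(); in_match = 1 }
        !in_match && n == 2 && tolower(f[1]) == tolower(key) { emit(); next }
        { print }
        END { emit() }
    ' "$1" > "$1.new" && mv "$1.new" "$1"
}

# Constructed sample resembling a stock file, where "#Port 22" is only a comment.
demo_config() {
    cat <<'EOF'
#Port 22
PermitRootLogin yes
Port 22
Match Group wheel
    X11Forwarding no
EOF
}

cfg="${TMPDIR:-/tmp}/sshd_config.demo.$$"
demo_config > "$cfg"
set_setting "$cfg" Port 2222            # 2222 is an arbitrary example port
set_setting "$cfg" PermitRootLogin no
echo "Port=$(effective_setting "$cfg" Port) PermitRootLogin=$(effective_setting "$cfg" PermitRootLogin)"
rm -f "$cfg"
```

Run the functions against a copy of /etc/ssh/sshd_config and validate the copy with sshd -t -f before putting it in place and restarting the service.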
