NagaShield Security
Back to blog
Technical 4 min 27 April 2026

I Secured My SSH in Less Than 10 Minutes. Here's Exactly What I Did.

SSH Linux Hardening SysAdmin DevOps
Share LinkedIn X / Twitter

SSH remains one of the main entry points for attacks — and many servers are still poorly configured.


In less than 10 minutes, I applied a simple and effective checklist. Here is exactly what I did.

❌ The Most Common Mistakes I See

Root login enabled

Primary target for attackers

Password authentication

Unlimited brute force facilitated

Port 22 exposed

Continuously scanned by bots

No blocking mechanism

Unlimited attack attempts

Unrestricted access

Maximum attack surface

💾1. Back Up Your Config

👉 Always. Before any change.

  • cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
  • Verify the backup is readable
  • Keep a session open during testing

🚫2. Disable Root Access

👉 PermitRootLogin no

  • Edit /etc/ssh/sshd_config
  • Create a dedicated user with sudo
  • Verify the non-root account works

🔑3. Enforce SSH Key Authentication

👉 PasswordAuthentication no

  • Generate a key pair (ssh-keygen -t ed25519)
  • Copy the public key to the server
  • Disable passwords only after successful test

🌐4. Limit Network Exposure

👉 Port 2222 (or other) + AllowUsers

  • Change the default port (optional but useful)
  • Restrict access by IP if possible
  • Update firewall rules (ufw / iptables)

👤5. Control Authorised Users

👉 AllowUsers myuser

  • Explicitly list authorised accounts
  • Remove or disable unused accounts
  • Use groups to simplify management

🛡️6. Set Up Fail2ban

👉 Blocks IPs after X failed attempts

  • apt install fail2ban (Debian/Ubuntu)
  • Configure jail.local for SSH
  • Check logs: fail2ban-client status sshd

7. Test Before Closing the Session

👉 Never lock yourself out.

  • Open a 2nd test session before closing the 1st
  • Reload SSH: systemctl reload sshd
  • Verify the connection with the new settings

🎯 Results Achieved

🛡️

Brute force attempts significantly reduced

🔒

Unauthorised access much harder to achieve

📉

Attack surface significantly reduced

🧠 Key Takeaway

Security does not rely on:

❌ 'magic' tools

❌ luck

❌ one-off actions

It relies on:

✔ clear procedures

✔ applied best practices

✔ discipline over time

Have you ever audited the SSH configuration of your servers? What is the first measure you always apply?

Share LinkedIn X / Twitter

Need personalised guidance?

NagaShield Security helps you implement these measures concretely, tailored to your organisation and budget.

Request a free diagnostic
🛡️

Besoin d'aide sur ce sujet ?

Pentest & Audit Technique

Voir le service →Devis gratuit

Related articles

Technical

Cisco SD-WAN: handling an actively exploited flaw with no patch (CVE-2026-20245)

4 min

Technical

I Set Up a PAM Foundation in 45 Minutes. Here's How — and Why.

4 min

Technical

Blue Team Use Case — Detecting Mimikatz

4 min

Back to blog