Secure your SSH access

August 2016

What is SSH?

SSH is a security protocol that makes use of private keys and public keys for communication between two computers; it is (generally) used to manage Linux servers. The protocol was designed to replace Telnet and is now in its second major release.


When a system administrator is confronted with an intrusion or attack on their server, it is often because they used port 22 for SSH, did not disable root login, and chose a password that was easy to guess.

The solution

Note: The following steps were performed under Linux Debian 5.

When your server is installed, SSH is configured on port 22 by default and the machine has a single user, root. This user has all rights and is very dangerous! We will remedy this by changing the SSH port and preventing root access.

First log in as root (this is probably the last time ;-)).

Creating a new user

Type the following command, replacing yourname with the name of the new user.

adduser yourname 

You will be asked to enter a password and confirm it.

You are then prompted to provide some information (optional):
  • Full Name [] = Your full name
  • Room Number [] = Your office number
  • Work Phone [] = Your work phone number
  • Home Phone [] = Your home phone number
  • Other [] = ....

Your new user is now created!

Change the port

Port 22 is assigned to SSH by default, and the problem is that any hacker who attempts to access a server tries this port first.

To change it, open the SSH configuration file (for Debian: /etc/ssh/sshd_config) with your favorite editor.
Once the file is open, find the line containing "Port 22" and replace 22 with a number of your choice.
Don't close the file for now.

Disable root access

In the SSH configuration file, find the PermitRootLogin line and change its value from "yes" to "no".

Going further

This step is not mandatory but it is interesting nonetheless.

In the SSH configuration file, find the line starting with MaxStartups. This option sets the number of attempts to access the server (based on the IP) before blocking the IP.

Here's an example:

MaxStartups 5:15:20

  • 5 corresponds to the number of attempts before being entitled to another chance to access the server.
  • 15 corresponds to the percentage chance for another attempt.
  • 20 is the maximum number of connections.

For the changes to take effect, you must restart the SSH server or the entire server. The next connection to the server will use the new port and the new user. If you need root privileges, use the su command!
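The following is an added example, not part of the original article: a small POSIX shell audit of the three settings changed above. The function names `values` and `audit` and the sample file are constructed for illustration; the script relies on two documented sshd_config behaviours: Port may appear several times, and for the other keywords the first value in the file is the one used.

```shell
#!/bin/sh
# values FILE KEYWORD: print every value set for KEYWORD before the first Match
# block. Keywords are case-insensitive; "Key value" and "Key=value" both parse.
values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comment or blank line
        {
            line = $0; sub(/^[ \t]+/, "", line)
            key = line; sub(/[ \t=].*$/, "", key)
            val = substr(line, length(key) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (tolower(key) == "match") exit    # conditional blocks not audited
            if (tolower(key) == want) print val
        }' "$1"
}

# audit FILE: print one line per setting; exit status = number of findings.
audit() {
    findings=0
    # Port may be repeated and sshd listens on every one; no Port line means 22.
    ports=$(values "$1" Port)
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "FAIL Port: sshd still listens on 22"; findings=$((findings + 1))
    else
        echo "OK   Port: $(echo $ports)"
    fi
    # For the other two keywords the first value in the file is the one used.
    root=$(values "$1" PermitRootLogin | head -n 1)
    if [ "$root" = no ]; then echo "OK   PermitRootLogin: no"
    else echo "FAIL PermitRootLogin: ${root:-not set}"; findings=$((findings + 1)); fi
    max=$(values "$1" MaxStartups | head -n 1)
    if [ -z "$max" ]; then echo "INFO MaxStartups: not set (optional)"
    elif printf '%s\n' "$max" | grep -Eq '^[0-9]+(:[0-9]+:[0-9]+)?$'; then
        echo "OK   MaxStartups: $max"
    else echo "FAIL MaxStartups: $max is not N or start:rate:full"; findings=$((findings + 1)); fi
    return "$findings"
}

# Constructed sample: new settings were appended, the old lines left in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
Port 2222
permitrootlogin=no
MaxStartups 5:15:20
EOF
audit "$sample" || echo "findings: $?"
rm -f "$sample"
```

Before restarting, `sshd -t` makes sshd itself check the real file for syntax errors. Keep the current root session open until a login with the new user on the new port has worked.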

This document, entitled « Secure your SSH access », from CCM is made available under the Creative Commons license. You can copy and modify copies of this page under the conditions stipulated by the license, as long as this note appears clearly.