notepad++
~
babel
zig
+
svelte
+
apex
aurelia
laravel
go
+
delphi
pycharm
+
+
fortran
+
+
java
[]
yaml
alpine
+
+
oauth
+
perl
circle
+
helm
+
ionic
abap
||
remix
+
matplotlib
+
mvn
gentoo
nuxt
===
+
chef
mocha
+
+
+
vault
haiku
+
+
+
+
strapi
+
lit
+
+
+
+
+
f#
+
https
fastapi
cosmos
notepad++
+
xml
stimulus
vscode
parcel
fauna
+
istio
+
+
+
abap
+
+
elm
circle
+
~
kali
hugging
+
Back to Blog
Securing SSH on AlmaLinux: Best Practices
Linux AlmaLinux

Securing SSH on AlmaLinux: Best Practices

Published Dec 17, 2023

Boost your AlmaLinux server security! Learn to disable root login, implement key-based authentication, and more.

4 min read
0 views
Table of Contents

SSH (Secure Shell) is the backbone of remote server management, making its security paramount. This guide will walk you through essential SSH hardening techniques for AlmaLinux systems.

Disabling Root Login

One of the first steps in securing SSH is to disable direct root login:

  1. Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
  1. Find and modify the following line:
PermitRootLogin no
  1. Restart the SSH service:
sudo systemctl restart sshd

Creating a New User with Sudo Privileges

Before disabling root login, ensure you have a user account with administrative privileges:

sudo adduser krython-user
sudo usermod -aG wheel krython-user
sudo passwd krython-user

Implementing Key-Based Authentication

Password authentication is vulnerable to brute-force attacks. Key-based authentication provides a more secure alternative:

Generate SSH Key Pair (on your local machine)

ssh-keygen -t rsa -b 4096

Copy Public Key to Server

ssh-copy-id krython-user@your-server-ip

Disable Password Authentication

Edit /etc/ssh/sshd_config:

PasswordAuthentication no

Additional Security Measures

Change Default SSH Port

Modify the port in /etc/ssh/sshd_config:

Port 2222

Configure Idle Session Timeout

Add to /etc/ssh/sshd_config:

ClientAliveInterval 300
ClientAliveCountMax 2

Implement Two-Factor Authentication

Install Google Authenticator:

sudo dnf install google-authenticator -y

Configure for your user:

google-authenticator

Firewall Configuration

Don’t forget to update your firewall rules if you change the SSH port:

sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload

Monitoring and Logging

Enable detailed logging in /etc/ssh/sshd_config:

LogLevel VERBOSE

Monitor failed login attempts:

sudo journalctl -u sshd | grep "Failed"

Conclusion

Securing SSH is crucial for maintaining a robust server infrastructure. By implementing these best practices - disabling root login, using key-based authentication, changing default ports, and enabling proper logging - you significantly reduce the attack surface of your AlmaLinux server.

Remember to test your configuration thoroughly before logging out to avoid locking yourself out of the system!

Share this article

Buy me a coffee
clion
aws
...

Related Articles

How to Change Hostname on AlmaLinux
Linux AlmaLinux

How to Change Hostname on AlmaLinux

Seamlessly change your AlmaLinux system's hostname with this guide. Explore temporary and permanent methods using commands, config files, and utilities.

Read more
Configuring SELinux for AlmaLinux Security
AlmaLinux Linux

Configuring SELinux for AlmaLinux Security

Secure AlmaLinux with ease! Learn how to set up SELinux for stronger protection. Simple steps, powerful defense. Your system, your safety. 🚀🔒

Read more
How to Install and Configure Fail2Ban on AlmaLinux
Linux AlmaLinux

How to Install and Configure Fail2Ban on AlmaLinux

Secure your AlmaLinux server! Learn to install and configure Fail2Ban, a powerful tool that guards against unauthorized access.

Read more