Multiple Ways to Secure SSH Port

Secure Shell (SSH) is a network protocol for operating network services securely over an unsecured network. The standard TCP port for SSH is 22. Its most common use is to let users log in to computer systems remotely.

This article explains several measures a network administrator can use to secure the SSH service on a server.

Methods Used:

  1. Port Forwarding
  2. Disable Password Based Login And Using PGP Key (Public Key)
  3. Disable Root Login and Limit SSH User’s Access
  4. Google Authenticator
  5. Time Scheduling
  6. Disable Empty Passwords

Before moving on, let us first install the SSH server on our client machine using the following command.

Port Forwarding

Once the SSH service is configured and running, we can begin with our first security measure, Port Forwarding, which here means moving the SSH service to a non-default port. Scanning the client machine's IP address with nmap shows that SSH is running on port 22.

Navigate to /etc/ssh and we will find a file named sshd_config in the client’s machine.

cd /etc/ssh

Open the file sshd_config using nano command.

Now change port 22 to port 2222, as shown in the screenshot below, and save the changes made to the sshd_config file. In this way we have moved the SSH port from 22 to 2222.

Now, to confirm the port change, we will scan the client's IP address again using nmap.

The nmap output shows that TCP port 2222 is open; however, the service column shows EtherNetIP-1, which does not describe the service that is actually running. So we will run the following nmap command with the version detection option.

With the next nmap output, it is clearly visible that SSH is running on TCP port 2222, along with the OpenSSH version.

Disable Password Based Login

To begin with this security measure we need to download and install PuTTY Key Generator.

Note: PuTTYgen is a key generator tool that creates SSH keys for PuTTY and stores them in its own format (.ppk extension).

Open it and click on Generate.

Clicking on Generate starts the process of generating a public and private key, as shown in the image.

Once the public and private keys are generated, click on Save Public Key. This will save the key as a public key.

Now open the Ubuntu terminal of our server and type ssh-keygen.

The above command will create a folder named .ssh and then create an empty text file named authorized_keys in the same folder. After that, copy the “ssh_login.ppk” file that was created earlier with PuTTY Key Generator and paste it into the .ssh folder, as shown in the image.

In the terminal, move into the .ssh folder and type the following command:

This command will generate a key.

Now copy this key, paste it into the empty file named authorized_keys using the nano command, and save it.

Now open the PuTTY configuration window, go to the Session tab, and enter the IP address and port number of the client machine where the SSH server is configured.

Now go to Data and enter the Auto-login username.

Navigate to SSH > Auth, give the path of the ssh_login.ppk file (public key that was generated earlier), and then click Open.

It will simply use the public key to log in to the SSH server without asking for a password.

Open the sshd_config file in /etc/ssh using the gedit command. Here we will make changes to the line #PasswordAuthentication, as shown in the image.

Current configuration

#PasswordAuthentication yes
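
A line that starts with # is a comment, so the setting above is not read from the file at all and sshd falls back on its built-in default for it. The following added example (not part of the original article) resolves the values sshd would use from the global section of a config file and lists the ones that still contradict the measures in this article. It assumes a single file with no Include directives and the defaults documented for current OpenSSH releases; the sample config and the function names are constructed for illustration.

```python
import re

# Built-in defaults documented for current OpenSSH releases
# (assumption: the distribution has not patched them).
DEFAULTS = {
    "port": ["22"],
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "permitemptypasswords": "no",
}

# Constructed sample: the port change and the still-commented line from the article.
SAMPLE = """\
Port 2222
#PasswordAuthentication yes
PermitRootLogin no
permitrootlogin yes
Match User backup
    PasswordAuthentication yes
"""

def effective_settings(text):
    """Return the effective global value of each directive in DEFAULTS."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # commented lines change nothing
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()                # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break                             # conditional blocks are not global
        if key == "port":
            seen.setdefault("port", []).append(value)   # Port may be repeated
        elif key in DEFAULTS and key not in seen:
            seen[key] = value.lower()         # first occurrence wins
    return {**DEFAULTS, **seen}

def findings(text):
    """List the settings that still contradict the hardening steps."""
    cfg = effective_settings(text)
    checks = [
        (cfg["passwordauthentication"] != "no", "password login is still enabled"),
        (cfg["permitrootlogin"] == "yes", "root login is fully permitted"),
        (cfg["permitemptypasswords"] != "no", "empty passwords are accepted"),
    ]
    return [msg for failed, msg in checks if failed]
```

On a live server, `sshd -T` prints the effective configuration, including Include files and defaults, and is the authoritative check.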