SSH Lockdown

Posted on 2012-08-27
Last Modified: 2012-08-27
I recently had a break-in attempt via ssh on my server at home. I'm running Ubuntu 12.04 with openssh-server 1:5.9p1-5ubuntu1 package. I primarily use SSH on my cellphone which is running on T-Mobile's network. Is there anyway to only allow IP's from this provider? Is there maybe a better way for me to lock down my system?
Question by:kjenney
    LVL 12

    Expert Comment

    You could change the port number that SSH listens on.
    LVL 2

    Expert Comment

    LVL 28

    Accepted Solution

    In your sshd_config:

    Don't allow root login
    Set for version 2 only
    Configure 'AllowUsers' and specify usernames

    And, if you can create a private/public key, upload your public key to the .ssh/authorized_keys2 file.

    Run fail2ban.
    LVL 27

    Expert Comment

    I found that moving the port to a different number to be the quickest and simplest way.  It immediately stops attacks.  The next step is to install fail2ban for future attacks, in case someone finds your new port number.
    LVL 1

    Author Closing Comment

    Fail2ban is a great little app! I used all of jesper's recommendations, very helpful!
    LVL 27

    Expert Comment

    Just FYI. By default, Ubuntu prevents you from logging in as root, so blocking root login in sshd is redundant.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Article by: btan
    The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
    Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now