Skip to content

Hardening ssh service on Ubuntu server

May 15, 2022 | 01:00 PM

After create new ubuntu server, we’ll need to:

1. Create new user

adduser <username>

Add user to sudo group:

usermod -aG sudo <username>

or add this line to file /etc/sudoers.d/90-cloud-init-users (sudo without password)

<username> ALL=(ALL) NOPASSWD:ALL

2. Add ssh key for new user

Add ssh key to file /home/<username>/.ssh/authorized_keys

3. Disable root login and password based login

Edit file /etc/ssh/sshd_config, Find ChallengeResponseAuthentication and set to no:

ChallengeResponseAuthentication no

Next, find PasswordAuthentication set to no too:

PasswordAuthentication no

Search for UsePAM and set to no, too:

UsePAM no

Finally look for PermitRootLogin and set it to no too:

PermitRootLogin no
PermitRootLogin prohibit-password

Save and close the file. Reload or restart the ssh server on Linux:

service ssh restart