05-31-2018, 01:28 PM
I would recommend not running sshd on a public IP address unless there is some reason you need to log in remotely. The most secure way is to put the machine behind a firewall.
or if you have multiple network interfaces, you can tell sshd only to listen on the internal one. You can also tell sshd not to allow root to log in over ssh. You can also tell sshd to listen on a different port than 22, this will cut down on login attempts but not eliminate them. All of these things can be done by editing /etc/ssh/sshd_config.
Another thing you can do is configure sshd to authenticate using RSA encryption keys instead of passwords (you have to generate the keys first and distribute them to any machine(s) you want to connect from).
Here's an article with some good tips on securing your SSH: https://www.cyberciti.biz/tips/linux-uni...tices.html
or if you have multiple network interfaces, you can tell sshd only to listen on the internal one. You can also tell sshd not to allow root to log in over ssh. You can also tell sshd to listen on a different port than 22, this will cut down on login attempts but not eliminate them. All of these things can be done by editing /etc/ssh/sshd_config.
Another thing you can do is configure sshd to authenticate using RSA encryption keys instead of passwords (you have to generate the keys first and distribute them to any machine(s) you want to connect from).
Here's an article with some good tips on securing your SSH: https://www.cyberciti.biz/tips/linux-uni...tices.html