Linux SSH Server (sshd) Configuration and Security Options With Examples
Last Updated : 20 Mar, 2025
SSH is short for Secure Shell or Secure Socket Shell. According to Wikipedia, the Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. sshd is short for Secure Shell daemon. SSH is one of the most reliable ways to secure access to your Linux server, whether it is a Virtual Private Server hosted in the cloud or a server that you host locally on your own machine.
This article assumes that you already have ssh utilities installed on your Linux machine.
Configuration and Security Options
Step 1: Generate SSH key pairs using the ssh-keygen utility.
Open your Linux terminal and connect to your server. Next, on the client side (open another terminal), run the following commands to set up login with SSH key pairs. To generate a public and private key pair, execute the command below:
ssh-keygen -t rsa -b 2048 -C "put any comments here"
To view the id_rsa.pub (public) key, execute the command below.
cat ~/.ssh/id_rsa.pub
The command below lists the contents of the id_rsa file. This is your private key; it stays on the client and is never copied to the server.
cat ~/.ssh/id_rsa
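Step 2: Now copy the keys to your virtual machine
Run the command below on your client machine to copy the keys. ssh-copy-id appends your public key to the ~/.ssh/authorized_keys file of the given user on the server.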
ssh-copy-id {username}@{ipaddress}
Step 3: If you want to disable password authentication (recommended), open the sshd configuration by running:
sudo vim /etc/ssh/sshd_config
Look for the PasswordAuthentication option and change it to no.
Remove the "#" symbol before PasswordAuthentication (or any option that you wish to modify) and change it to no. Make sure that PubkeyAuthentication is set to yes. The authorized_keys file shows the keys that you have generated and copied to the server.
Now restart the SSH service by running the command below (on some distributions the unit is named sshd instead of ssh):
sudo systemctl restart ssh
When you open the sshd configuration, you will notice many options there. We will discuss some of them here.
Option 1: Port 22
The port is set to 22 by default. If you wish to change the default, remove the "#" before the option and enter a port of your choice. It is recommended that you do not use port 22, as anyone trying to infiltrate your system is most likely to check port 22 for vulnerabilities first.
Option 2: AddressFamily
This allows you to configure the type of addresses you want to connect to your server, like ssh, bastion (for a Linux machine hosted virtually on Microsoft Azure), IPv4, IPv6, etc. The default is 'any', which allows you to connect to your server using any protocol. In sshd_config the accepted values are any, inet (IPv4 only) and inet6 (IPv6 only).
Option 3: MaxAuthTries
This allows you to set the maximum number of wrong password entries (failed authentication attempts) allowed per connection. It is essential because it helps to protect your server against possible brute-force attacks.
Option 4: MaxSessions
This option allows you to set a limit on the number of sessions that a user can have active. If the user ever leaks their password, this option provides additional security.
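The check below is an added example, not code from the original article: it reads sshd_config text and reports whether the settings from Step 3 and Options 1, 3 and 4 are actually in force, including the case where the "#" was never removed. The function names, the two policy limits and both sample configurations are assumptions constructed for illustration.

```shell
# Added example (not the article's code): audit sshd_config text for the options
# above. Assumes whitespace-separated "Keyword value" lines and no Include files.

# effective_value CONFIG_TEXT KEYWORD DEFAULT: sshd keeps the first occurrence of
# a keyword (case-insensitive); a commented-out keyword leaves the default in force.
effective_value() {
  printf '%s\n' "$1" | awk -v key="$2" -v def="$3" '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    tolower($1) == "match" { exit }         # global section only
    tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
    END { if (!found) print def }'
}

# Example policy limits (assumed values, tune them to your environment).
MAX_AUTH_TRIES_LIMIT=3
MAX_SESSIONS_LIMIT=4

# audit_sshd_config CONFIG_TEXT: prints one FAIL line per finding; returns 0 when clean, 1 otherwise.
audit_sshd_config() {
  a_rc=0
  a_v=$(effective_value "$1" PasswordAuthentication yes)
  [ "$a_v" = no ] || { echo "FAIL PasswordAuthentication=$a_v (want no)"; a_rc=1; }
  a_v=$(effective_value "$1" PubkeyAuthentication yes)
  [ "$a_v" = yes ] || { echo "FAIL PubkeyAuthentication=$a_v (want yes)"; a_rc=1; }
  a_v=$(effective_value "$1" Port 22)
  [ "$a_v" != 22 ] || { echo "FAIL Port=22 (still the default port)"; a_rc=1; }
  a_v=$(effective_value "$1" MaxAuthTries 6)
  [ "$a_v" -le "$MAX_AUTH_TRIES_LIMIT" ] || { echo "FAIL MaxAuthTries=$a_v (limit $MAX_AUTH_TRIES_LIMIT)"; a_rc=1; }
  a_v=$(effective_value "$1" MaxSessions 10)
  [ "$a_v" -le "$MAX_SESSIONS_LIMIT" ] || { echo "FAIL MaxSessions=$a_v (limit $MAX_SESSIONS_LIMIT)"; a_rc=1; }
  return "$a_rc"
}

# Constructed sample: the "#" was never removed, so the defaults still apply.
WEAK_CFG='#Port 22
#PasswordAuthentication no
PubkeyAuthentication yes
#MaxAuthTries 6'
# Constructed sample: hardened; the trailing duplicate is ignored (first value wins).
HARDENED_CFG='Port 2222
passwordauthentication no
PubkeyAuthentication yes
MaxAuthTries 3
MaxSessions 2
PasswordAuthentication yes'

audit_sshd_config "$WEAK_CFG" || echo "weak sample: findings listed above"
audit_sshd_config "$HARDENED_CFG" && echo "hardened sample: clean"
```

On a live server, `sudo sshd -T` prints the effective configuration (Include files resolved), and `sudo sshd -t` checks the file for syntax errors before you restart the service.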
Option 5: Choosing your desired algorithm
The default algorithm for public and private keys is the RSA algorithm. However, you can change the type of the algorithm to suit your needs using the following key generation command:
ssh-keygen -t {put the name of your desired algorithm over here} -b 2048 -C "put any comments here"