Secure SSH Server Hardening on Linux
- Author: Liam K.
- Date: March 08, 2026
- Time: 13 minutes
Step 1: Create a Non-Root Admin User
bash
sudo adduser deploy
sudo usermod -aG sudo deploy
Step 2: Generate SSH Key Pair on Local Machine
bash
ssh-keygen -t ed25519 -a 100 -C "deploy@myserver"
Step 3: Copy Public Key to Server
bash
ssh-copy-id deploy@SERVER_IP
Step 4: Harden sshd_config
bash
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sudo tee /etc/ssh/sshd_config >/dev/null <<'EOF'
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
[...]
Step 5: Validate and Reload SSH
bash
sudo sshd -t
sudo systemctl reload ssh
sudo systemctl status ssh --no-pager
Step 6: Keep Current Session Open
Open a second terminal and verify key login works before closing your current root session.
bash
ssh deploy@SERVER_IP
Step 7: Add Firewall Rule
bash
sudo ufw allow 22/tcp
sudo ufw limit 22/tcp
sudo ufw status
Step 8: Enable Fail2ban for SSH
bash
sudo apt install -y fail2ban
sudo tee /etc/fail2ban/jail.d/sshd.local >/dev/null <<'EOF'
[sshd]
enabled = true
maxretry = 4
findtime = 10m
bantime = 1h
EOF
[...]
Step 9: Audit Authentication Logs
bash
sudo journalctl -u ssh -n 100 --no-pager
sudo tail -n 100 /var/log/auth.log
"SSH hardening is a layered process: identity, transport, access control, and continuous auditing."
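The `sshd -t` check in Step 5 only confirms that the configuration parses; `sshd -T` prints the settings sshd will actually apply. The following is an added example, not part of the original guide: a hypothetical `audit_sshd` function that compares that effective output with the authentication settings from Step 4. The function name and the sample input are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide).
# audit_sshd reads `sshd -T` output on stdin (lowercase keyword, space, value)
# and checks the authentication settings written in Step 4.
# Usage on a server:  sudo sshd -T | audit_sshd
# Exit status: 0 if every setting matches, 1 if any differs or is absent.

audit_sshd() {
  awk '
    BEGIN {
      # Expected values, taken from the Step 4 sshd_config on this page.
      want["permitrootlogin"] = "no"
      want["passwordauthentication"] = "no"
      want["kbdinteractiveauthentication"] = "no"
    }
    ($1 in want) {
      seen[$1] = 1
      if ($2 != want[$1]) {
        printf "FAIL %s = %s (expected %s)\n", $1, $2, want[$1]
        bad = 1
      } else {
        printf "OK   %s = %s\n", $1, $2
      }
    }
    END {
      # A keyword that never appeared is reported rather than assumed safe.
      for (k in want) if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample of `sshd -T` output in which password logins are still
# enabled, i.e. the effective value differs from Step 4.
SAMPLE_WEAK='port 22
permitrootlogin no
passwordauthentication yes
kbdinteractiveauthentication no'
```

Run it from the session kept open in Step 6, so a failed check can be corrected before that session is closed.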