Hardening SSH security on a Debian 9 server

There are a number of things you can do:

  • Set up a private key that uses a key-stretching algorithm to protect brute-forcing the passphrase.
  • Configure AllowUsers in sshd so only named accounts can gain access
  • Use fail2ban or fwknop to further prevent outside attacks (remember that CVE-2008-0166 caused Debian users to generate only one of 32,767 possible keys)
  • Actively monitor your machine for attacks

Tags:

Openssh

Debian

Hardening

Recent Posts