3. Hardeing SSH Access
Now that you've setup a non-root user with key-based authentication and sudo privileges, it is time to harden the ssh access. This will result in a few things:
- Default SSH-port will be changed from 22 to 69 or 60483. This will prevent automated scripts from being able to target your machine
- Disabling root user login via SSH. The only user who will be able to login via ssh, will be the non-root user you created. Again, this will protect you from automated scripts that have a default user of
root
- Disabling Password Authentication: Basically, you will not be able to login into the server with your password. Disables all password-based authentication via ssh. You won't be able to login without the private key.
By undertaking all these measures, you secure your server from unauthorised access.
Remember, all this is useless if someone else gets their hands on the private key file