Boost Your Server’s Defense: Essential SSH and User Security Tweaks

Learn practical steps to harden a Linux server—including changing the SSH port, disabling root login, blocking ping, managing users and groups, securing critical system files, and configuring sudo—so you can protect your machine from common attacks and unauthorized access.

Liangxu Linux

Modify SSH Login Configuration

Open the SSH daemon configuration file and adjust several parameters to improve security.

vim /etc/ssh/sshd_config

# Change the default port (choose a value above 10000)
Port 10000

# Use only protocol 2
Protocol 2

# Disallow direct root login
PermitRootLogin no

# Disallow empty passwords
PermitEmptyPasswords no

After editing, restart the SSH service:

service sshd restart
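
The settings above can be checked before the restart. The script below is an added example, not part of the original article: it reads an sshd_config file and reports every deviation from the values recommended here. The function names sshd_values and audit_sshd_config, and the rule that PermitRootLogin and PermitEmptyPasswords must be set explicitly, are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: audit an sshd_config file
# against the settings recommended above.

# Print every global value of KEYWORD in file order. Keywords are
# case-insensitive, "Keyword=value" is accepted, and everything after the
# first "Match" line is conditional, so scanning stops there.
sshd_values() {  # usage: sshd_values FILE KEYWORD
  awk -v key="$2" '
    BEGIN { FS = "[ \t=]+"; key = tolower(key) }
    { sub(/^[ \t]+/, "") }            # strip indentation (re-splits fields)
    /^#/ || NF == 0 { next }          # skip comments and blank lines
    tolower($1) == "match" { exit }
    tolower($1) == key { print tolower($2) }
  ' "$1"
}

# Print one FAIL line per deviation; return 1 if any were found.
audit_sshd_config() {  # usage: audit_sshd_config FILE
  cfg=$1 rc=0
  # Port may appear several times and sshd listens on all of them;
  # with no Port line at all it listens on 22.
  ports=$(sshd_values "$cfg" Port)
  if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
    echo "FAIL: Port: sshd listens on the default port 22"; rc=1
  fi
  # For single-valued keywords sshd keeps the first value it reads.
  # Assumption of this example: both must be set explicitly to "no".
  for kw in PermitRootLogin PermitEmptyPasswords; do
    val=$(sshd_values "$cfg" "$kw" | head -n 1)
    if [ "$val" != "no" ]; then
      echo "FAIL: $kw is '${val:-unset}', expected 'no'"; rc=1
    fi
  done
  # Protocol is checked only when present (assumption: the installed
  # OpenSSH speaks protocol 2 by default).
  proto=$(sshd_values "$cfg" Protocol | head -n 1)
  if [ -n "$proto" ] && [ "$proto" != "2" ]; then
    echo "FAIL: Protocol is '$proto', expected '2'"; rc=1
  fi
  return "$rc"
}
```

Call it as audit_sshd_config /etc/ssh/sshd_config. On a live host, also run sshd -t before restarting so that a syntax error does not take the service down.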

Disable Ping Responses

Prevent the system from answering any ICMP echo requests:

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

The default value is 0 (responses enabled).

User Management

Basic commands to inspect users and groups:

cat /etc/passwd          # list users
cat /etc/group           # list groups
who                      # currently logged-in users
last                     # login history

Remove unnecessary default accounts and groups to reduce attack surface:

userdel sync
userdel shutdown
# other removable users: halt uucp operator games gopher

groupdel adm
groupdel games
# other removable groups: lp dip

Lock critical account files to prevent modification:

chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow

To revert, replace +i with -i and run the commands again.

Create New Users

Use adduser to add a user and passwd to set its password:

adduser username
passwd username

Regular users should only have full permissions within their own home directories; privileged actions require sudo.

To edit the sudoers file, grant write permission temporarily, add the user, then restore read‑only mode:

chmod u+w /etc/sudoers
# edit /etc/sudoers, e.g. add a line for the new user
chmod u-w /etc/sudoers

Grant Root Privileges

Three methods are described:

Uncomment the %wheel ALL=(ALL) ALL line in /etc/sudoers and add the user to the wheel group.

Add explicit entries for root and the user in /etc/sudoers so the user can run sudo -s.

Change the user’s UID to 0 in /etc/passwd, effectively making the account a root account.

After applying any method, log in with the modified account and use su - or sudo -s to obtain root privileges.
