Secure SSH: Enforce Key Login, Disable Root Password, and Block Port‑22 Scanners
This guide explains how to harden SSH on Linux by forcing key‑based authentication, disabling root password logins, and filtering malicious IPs that scan port 22, including step‑by‑step commands and permission settings.
Enforce key‑based login
1. Edit /etc/ssh/sshd_config and set PasswordAuthentication no to disable password authentication.
2. Reload the SSH service: /etc/init.d/sshd reload 3. Generate an RSA key pair on the client machine: ssh-keygen When prompted, accept the default file ( ./id_rsa) and optionally set a passphrase.
4. Copy the public key to the server’s ~/.ssh/authorized_keys (create the .ssh directory if it does not exist) and set proper permissions:
cp id_rsa.pub /root/.ssh/authorized_keyschmod 644 /root/.ssh/authorized_keys5. On the client, protect the private key file: chmod 600 id_rsa 6. Connect using the key:
ssh -i id_rsa 192.168.158.129ITPUB
Official ITPUB account sharing technical insights, community news, and exciting events.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.