We recommend taking a number of steps that will significantly increase the security of the SSH service.
1. Changing settings in the SSH service configuration file
nano /etc/ssh/sshd_config
1.1 Changing the default port
The SSH service uses port 22 by default, and that port is accessed often. Let's change it, for example, to 2203:
Port 2203
1.2 Deny access for the root user
First create a regular user:
useradd user1
passwd user1
Then check the SSH configuration and make sure the line looks like this:
PermitRootLogin no
1.3 Authentication as root only with 2FA
A password can be intercepted or otherwise compromised, so it is best to require two-factor authentication to authenticate as the root user, as we described in a separate article: Setting up two-factor authentication in ssh for root on Debian 12
After all the steps, do not forget to apply the settings by restarting the service:
service ssh restart
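Before restarting, it helps to confirm that the file really carries the settings from steps 1.1 and 1.2: a leftover active "Port 22" line keeps the old port open, and for PermitRootLogin only the first occurrence counts. The script below is an added example, not part of the original article; the function names are hypothetical, and it assumes the whitespace-separated "Keyword value" form and does not follow Include files.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings from steps 1.1 and 1.2.
# Usage: audit_sshd /etc/ssh/sshd_config 2203
# Assumptions: "Keyword value" form separated by whitespace; Include files
# are not followed; only the global section (before the first Match) is read.

# Print every Port in the global section. Port may appear several times and
# sshd listens on all of them, so a leftover "Port 22" keeps port 22 open.
sshd_ports() {
    awk '
        NF == 0 || $1 ~ /^#/   { next }   # skip blank lines and comments
        tolower($1) == "match" { exit }   # stop at the first Match block
        tolower($1) == "port"  { print $2 }
    ' "$1"
}

# Print the effective global value of a single-valued keyword ($2).
# Keywords are case-insensitive and the first occurrence wins.
sshd_first() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        NF == 0 || $1 ~ /^#/   { next }
        tolower($1) == "match" { exit }
        tolower($1) == key     { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if $1 listens solely on port $2 and refuses root logins.
audit_sshd() {
    ports=$(sshd_ports "$1" | tr '\n' ' ')
    root=$(sshd_first "$1" PermitRootLogin)
    if [ "$ports" != "$2 " ]; then
        echo "FAIL: active Port lines: ${ports:-none, default 22 applies}"
        return 1
    fi
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is ${root:-not set}"
        return 1
    fi
    echo "OK: port $2 only, PermitRootLogin no"
}
```

Running sshd -t before the restart is also worthwhile: it makes the daemon itself check the file for syntax errors, which this script does not do.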
2. Setting up iptables
We restrict access to our SSH port so that it is available only from a specific IP address.
iptables -A INPUT -p tcp --dport 2203 ! -s 89.xxx.186.xxx -j DROP
or
iptables -A INPUT -p tcp --dport 2203 -s 89.xxx.186.xxx -j ACCEPT
iptables -A INPUT -p tcp --dport 2203 -j DROP
Make sure the rules are saved across reboots:
apt install iptables-persistent
iptables-save > /etc/iptables/rules.v4
These steps will significantly increase the security of working with the SSH protocol.
We recommend using a VPS server as the source of your static IP address, since its IP will always be the same no matter where you are. This is convenient because when you connect from home, the office, on vacation, or over mobile Internet, you will have a different IP address each time, and in most cases a dynamic one.