13.Lock StylizedMotherboard

It is 2020, and we can say for sure, that ssh-server is still one of the most popular services on Linux systems. During various meetings, I was often asked: How to secure SSH?  Even though this question seems trivial, it is not. There are a lot of things to remember to accomplish well-designed service security.

 

Secure shell is used not only for a remote-shell, per se. Many other technologies depend on it, for various reasons. For example:

  • Git to download and push the code. ​[1]​
  • Ansible to apply tasks. ​[2]​
  • Cloudera for installation procedures. ​[3]​
    (Do not ask us, we do not understand it too.)  

I have decided to answer the above question once and forever, and always refer to this document, trying to keep it up-date and consistent with current security practices. The purpose of this post is to answer the question: How to secure SSH? It is a comprehensive document for infosec and devops teams, that will guide them through all known best-practices and hardening rules.

Thanks to Kamil Zabielski (This email address is being protected from spambots. You need JavaScript enabled to view it.) for submitting this article.