Linux Security

Harden SSH server on Linux

Lock down SSH without locking yourself out — test every change in a second session.

16 min read Intermediate Updated 9 Jun 2026
Linux library Start the guide

Step-by-step guide

Work through each section in order. Stop when your issue is resolved — you do not need every step for every situation.

Warning

Use a sudo-capable account, keep shell history for audit, and back up critical paths before changing boot, SSH, or package state.

What you will achieve

Lock down SSH without locking yourself out — test every change in a second session.

1) Configure secure sshd defaults

sudo nano /etc/ssh/sshd_config

2) Recommended directives

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
AllowUsers youradmin

3) Test before closing active session

sudo sshd -t
sudo systemctl restart ssh
sudo systemctl status ssh

Related guides

hardening linux ssh

Related guides

Continue with these next if you are building a fuller setup or troubleshooting path.

Security
SSH key-based authentication on Linux
Replace password-only SSH with keys — generate, install, test, then harden once you know you will not lock yourself out.
Read guide
Security
Fail2ban basics for SSH
Automatically block IPs hammering SSH — simple jail config for small servers.
Read guide