How to Securely Configure SSH on Linux

SSH is a powerful tool for remote server management, but improper configuration can leave your server vulnerable to attacks. In this guide, we’ll show you how to securely configure SSH to allow only key-based authentication.

1. Install and Enable SSH

First, ensure the OpenSSH server is installed and running.

Install OpenSSH

yay -S openssh

2. Enable and Start the SSH Service

sudo systemctl enable sshd
sudo systemctl start sshd

Unfortunately now you are exposed for attack from the internet if your password is weak or will leak.

In next step we will disable password authentication and enable only public key authentication.

3. Edit the SSH Configuration File

Modify the SSH configuration file to enhance security. Open the Configuration File

sudo nano /etc/ssh/sshd_config

Update the Following Settings

a) Disable Password Authentication:

PasswordAuthentication no

b) Enable Public Key Authentication (this is usually enabled by default):

PubkeyAuthentication yes

c) Disable Other Authentication Methods (optional, for stricter security):

KbdInteractiveAuthentication no
UsePAM no

Save and close the file.

4. Restart the SSH Service

Restart the SSH service to apply the changes:

sudo systemctl restart sshd

You can test it and expect result should look like this:

$ ssh [email protected]
[email protected]: Permission denied (publickey).

Now manually copy you public key to the server typing on your local machine:

cat ~/.ssh/id_ed25519.pub | xclip -sel copy

Then open the server terminal and paste the key to the ~/.ssh/authorized_keys.

Now you can’t log in to the server even knowing password.