An attacker can try thousands of passwords in an hour, and guess even the strongest password given enough time. When reading each section, you should decide what balance is right for your specific situation.īecause a lot of people with SSH servers use weak passwords, many online attackers will look for an SSH server, then start guessing passwords at random. This page discusses some changes you can make, and how they affect the balance between security and ease-of-use. Ubuntu's default configuration tries to be as secure as possible without making it impossible to use in common use cases. If you get the error, "Unable to connect to Upstart", restart ssh with the following:Ĭonfiguring OpenSSH means striking a balance between security and ease-of-use. Once you've made your changes (see the suggestions in the rest of this page), you can apply them by saving the file then doing: For older versions replace "sudo" with "gksudo". Runs the standard text editor in Ubuntu 12.04 or more recent. Once you've backed up your sshd_config file, you can make changes with any text editor, for example sudo gedit /etc/ssh/sshd_config Sudo chmod a-w /etc/ssh/sshd_config.factory-defaultsĬreating a read-only backup in /etc/ssh means you'll always be able to find a known-good configuration when you need it.
Sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults Make sure not to get them mixed up.įirst, make a backup of your sshd_config file by copying it to your home directory, or by making a read-only copy in /etc/ssh by doing: ssh_config is the configuration file for the OpenSSH client. Sshd_config is the configuration file for the OpenSSH server.