Skip to content
Menu
Marius Serbanica – Tech Blog
  • My Tech Blog
  • About me
  • Contact Me
  • Curriculum Vitae
  • Projects
  • Current Projects List
  • Certifications
  • Home Lab
  • Self-Hosted
  • Linux Cheat Sheet
  • Linux Commands
  • Privacy Policy
  • Site Map
Marius Serbanica – Tech Blog
February 3, 2023

Simple measures for better network security – SSH

Since I’ve been planning on securing my SSH connections I figured I should post here as well, showing you all how you could improve your network security by simply doing the next things I’m going to list down below. I do have a fair amount of boxes and VMs running on my home lab, so I wanted to make sure that they’re as secure as they can possibly be.


I’ll maybe make a blog series about this as this won’t be the first nor the last series of measures I will be applying on my home network.

Prior to this, I did change my router’s default user/pass for both root login and Wi-Fi. Made use of the Guest Network option it provides so that when people are visiting my house and ask for my Wi-Fi password, they will get to connect to my guest network, rather than my main network, making breaches less likely to occur.

I also changed my main IP pool from the default 192.168.0.1 to something different. I am planning to get a better switch for my home network, just so I could make use of VLANs as well, but until then, let’s get on to the main attraction –> Deploying security measures for all my SSH connections.

As more and more people are setting up home labs to learn and experiment with various technologies, the need for secure connections has become increasingly important. In this post, we will discuss some of the steps you can take to enhance the security of your home lab SSH connections.

Change the SSH Port from 22 to Something Else

The first step in securing your home lab SSH connections is to change the default SSH port. By default, SSH uses port 22, and hackers often scan for this port to find vulnerable systems. By changing the port to something else, you can make it more difficult for an attacker to find and compromise your system. To change the SSH port, you need to edit the SSH daemon configuration file (sshd_config) and modify the Port directive.

sudo nano /etc/ssh/sshd_config

Restrict Root Access

Another important step in securing your home lab SSH connections is to restrict root access. Root is the most privileged user on a Linux system, and an attacker who gains root access can easily compromise your system. To restrict root access, you should create a new user account with a strong password and use that account to log in to your system. When you need to perform administrative tasks, you can use the su command to switch to the root account.

adduser <NewUser>
usermod -aG sudo <NewUser>

su - <NewUser>
sudo systemctl restart sshd

Use Public Keys

Using public keys for authentication is another way to enhance the security of your home lab SSH connections. Public key authentication is more secure than password-based authentication, as it eliminates the risk of brute-force attacks. To set up public key authentication, you need to generate a public/private key pair on your local system and copy the public key to the home lab system. You also need to configure the SSH daemon to allow public key authentication and disallow password authentication.

Other Network Security Measures

In addition to the above steps, there are several other network security measures that you should consider implementing:

  1. Use a firewall to restrict access to the SSH service to only trusted IP addresses.
  2. Enable two-factor authentication (2FA) to add an extra layer of security to your login process.
  3. Enable encryption for all network communications to protect sensitive information.
  4. Keep your system and software up-to-date with the latest security patches.
  5. Regularly monitor your system logs to detect any suspicious activity.

Securing your home lab SSH connections is crucial to protect your system from attacks. By changing the SSH port, restricting root access, using public keys, and implementing other network security measures, you can enhance the security of your home lab and prevent unauthorized access.

Share on Social Media
x facebook linkedin

1 thought on “Simple measures for better network security – SSH”

  1. Pingback: Simple measures for better network security v2 – VLANs, VPN & Password Manager. – Marius Serbanica – Tech Blog

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Join my LinkedIn Network.

Recent Posts

  • Kubernetes cluster. Why and how
  • Installing GNU-World on ircu2
  • Replacing Cloudflare Tunnel with Tailscale on a VPS
  • KASM – My main workspace RBI
  • Transforming a Mini PC into a Powerful Home Network Hub / Router/ Firewall with OPNsense

Archives

  • February 2025
  • January 2025
  • October 2024
  • May 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023

Categories

  • How-To
  • Tech Industry
  • Tech, but personal
  • Tutorials

Recent Comments

  1. IRC Lamer on Installing GNU-World on ircu2
  2. severus2231 on Transforming a Mini PC into a Powerful Home Network Hub / Router/ Firewall with OPNsense
  3. admin on Mounting a NAS (Network Attached Storage) device on Linux
  4. abL on Mounting a NAS (Network Attached Storage) device on Linux
  5. Alin R on Cleaning up your Linux OS.
Social Media
Find me on social media
Facebook Twitter Instagram LinkedIn

©2025 Marius Serbanica – Tech Blog