How to configure /etc/ssh/sshd_config file
The sshd_config file refers to the main configuration file that allows the user to make the changes in the features of SSH protocol. There are many features for this protocol and these can be made or changed according to the users needs. And by making configuration changes it also allows the user to provide more security to server/system that we are using. Some of the main features are listed below.
Port 22 The port option specifies which port the SSH daemon listens for incoming connections. The default port specified for this is port 22.
ListenAddress This address specifies the IP address of the interface network on which ssh server daemon socket is bind. The default ListenAddress is 0.0.0.0.
ServerKeyBits 1024 This option is useful when we create the server key. For example: To enable key authentication we usually create the public/private key pair and this option is used when creating this key. From this feature the key is generated with the bits mentioned in this option.
LoginGrace time 600 The 'LoginGrace time' option specifies how long the server has to wait untill getting disconnected from the server if the user has not successfully disconnected from the server.
KeyRegenerationInterval 3600 The 'KeyRegenerationInterval' option specifies how long the server should wait before it automatically generated the key. The 'KeyRegenerationInterval' is shown in seconds.
RSAAuthentication yes This option specifies to try RSA authentication which provides more security for your servers. This option enables the public and private key pair generated by the ssh-keygen option.
PermitEmptyPasswords yes This option provides login using a null password. This is useful when transfering files between server or while taking an automated backup of the system
PasswordAuthentication yes 'PasswordAuthentication' specifies whether we should use password-based authentication. By enabling this option users can login to the system using the password set. As mentioned we can enable both password as well as key based authentication to servers.
AllowUsers admin This option specifies which all users are permitted to login via SSH to the system. We can enable multiple user entries here by adding user names seperated by spaces.
StrictModes yes The 'StrictModes' option specifies whether ssh should check user's permissions in their home directory and also the r hosts files before accepting the login to the system. This option must be enabled as users may leave their folders or files in writable mode for all.
These are some of the main configurations changes that are to be made in the sshd_config file to prevent unwanted logins to the system and also to provide more security for its users.
PermitRootLogin yes This option permits root login via SSH to server. This option should always be set to 'Yes' so as to allow SSH access for the root user to server.
