In this tutorial, we'll learn how to secure SSH in cPanel.
Importance of Securing SSH
SSH (Secure Shell) is a protocol that allows secure remote access to a server. However, SSH is often targeted by attackers due to its widespread use and the potential for significant damage if compromised. Securing SSH is crucial to protect your server from unauthorized access, brute-force attacks, and other security threats. By changing the default SSH port, disabling root login, and using SSH keys for authentication, you can significantly enhance the security of your server.
How to Secure SSH in cPanel
Step-by-Step Instructions
1. Change the Default SSH Port
Changing the default SSH port from 22 to a non-standard port can help reduce the risk of automated attacks that target the default port.
Backup Configuration File: Before making any changes, it’s important to create a backup of the SSH configuration file. You can do this by running the following command:
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
Edit SSH Configuration File: Open the SSH configuration file using a text editor like nano or vim:
sudo nano /etc/ssh/sshd_config
Change Port Number: Find the line that starts with #Port 22 and change it to your desired port number. For example, if you want to use port 8398, the line should look like this:
Port 8398
Restart SSH Service: After making the changes, restart the SSH service to apply the new configuration:
systemctl restart sshd.service
Verify Changes: Open a new terminal session and try to connect to your server using the new port number to ensure that the changes have taken effect. For example:
ssh username@your_server_ip -p 8398
If you encounter any issues, ensure that the new port is open in your server’s firewall and that there are no conflicts with other services using the same port.
2. Disable Root Login
Disabling root login prevents unauthorized users from accessing your server with the root user account, which has full administrative privileges.
Create a Wheel User: Before disabling root login, create a user account that can be used to gain root privileges. This user should be added to the wheel group to allow sudo access:
sudo useradd wheeluser
sudo usermod -aG wheel wheeluser
Test Access: Ensure that the new user can log in via SSH and gain root privileges using the sudo command:
ssh wheeluser@your_server_ip
sudo su -
Edit SSH Configuration File: Open the SSH configuration file again:
sudo nano /etc/ssh/sshd_config
Disable Root Login: Find the line PermitRootLogin yes and change it to PermitRootLogin no. If the line is commented out with a #, remove the # to activate it:
PermitRootLogin no
Restart SSH Service: Restart the SSH service to apply the changes:
systemctl restart sshd.service
Verify Changes: Try to log in as the root user to ensure that root login has been disabled. You should be denied access.
3. Use SSH Keys for Authentication
Using SSH keys for authentication is more secure than using passwords, as it eliminates the risk of brute-force attacks.
Generate SSH Key Pair: On your local machine, generate an SSH key pair using the following command:
ssh-keygen -t rsa -b 4096
When prompted, you can add a passphrase for an extra layer of security. The public key will be saved in ~/.ssh/id_rsa.pub, and the private key will be in ~/.ssh/id_rsa.
Upload Public Key to Server: Copy the public key to your server using the ssh-copy-id command:
ssh-copy-id wheeluser@your_server_ip
Alternatively, you can manually add the public key to the ~/.ssh/authorized_keys file on the server.
Configure SSH Keys in cPanel:
- Log in to your cPanel account.
- Navigate to the Security section and click SSH Access.
- Under Manage SSH Keys, click Manage SSH Keys.
Click Import Key and follow the prompts to import your public key
Disable Password Authentication: To further enhance security, you can disable password authentication. Open the SSH configuration file again:
sudo nano /etc/ssh/sshd_config
Find the line PasswordAuthentication yes and change it to PasswordAuthentication no. Save the file and restart the SSH service.
In this tutorial, we've learnt how to secure SSH in cPanel. By following these steps, you can significantly improve the security of your SSH connections in cPanel. Always ensure that you have a backup of your configuration files and test changes thoroughly to avoid locking yourself out of your server.
Checkout our instant dedicated servers, Instant KVM VPS and premium shared hosting plans.
