In this section, we will discover some advanced security settings that are needed for most Ubuntu servers that are in a production environment, especially when they contain critical services. This advanced configuration is important because it will directly touch the behavior of services besides Ubuntu Server itself.
By definition, SSH is a secure communication protocol, but there are some additional enhancements that we can apply to take this security a step ahead.
Let's start with the default Ubuntu SSH configuration. The /etc/ssh/sshd_config
file, which is very secure as it allows authentication keys to be used, uses privilege separation and allows only SSH protocol 2. The only questionable setting is PermitRootLogin yes
, which defines the option that allows root users to log in via SSH. In our case (Ubuntu Server with the default installation), this setting is useless since the root account is disabled, but in case you would like...