In this guide, I will show you how to lockdown your login for Ubuntu Server 20.04 by changing the SSH Port, enabling the firewall, and disabling password authentication.
Setup SSH Keys and ensure they work before following this guide.
First, we need to allow the SSH port that we are going to use through the firewall. In this guide, I will use Port 7070. The default SSH Port is 22 which is commonly used, and easy to guess and exploit.
sudo ufw allow 7070Now we can edit our ssh configuration. First we need to use nano to edit the config file.
sudo nano /etc/ssh/sshd_configNow, make the following modifications in your config file.
Port 7070 AddressFamily inet PermitRootLogin no PasswordAuthentication no PermitEmptyPasswords no
Use CTRL-X to exit, Y to save, and press the Enter key. Now we are going to restart our SSHD Service.
sudo systemctl restart sshdNow test and ensure everything works, then we can enable the firewall.
sudo ufw enableDo not close out of your SSH session. Open a new SSH session and ensure you can SSH into the server.