When it comes to managing Linux servers, there's no more suitable alternative than using the terminal via SSH (Secure SHell). It gives you all the control you need to manage your server, and the connection is secured with encryption.
However, there is a constant threat from the "bad guys": internet hackers and script kiddies who like to try and break into things. There will always be someone trying to brute force their way into your server via SSH.
While the most secure thing is not to run anything open at all, we know this isn't possible on remotely managed servers somewhere else in the world - it'd be impractical for me to go to Texas every time I needed to change something :D
There are, however, a few simple things you can do to improve the security of your server. All these changes are made by editing the configuration file for OpenSSH - usually found at /etc/ssh/sshd_config - which you can open with your favourite command line editor. Some of the options I suggest may already be present in your configuration but commented out, in which case you'll need to uncomment them.
Make sure you are forcing the server to use the more secure SSH2 protocol rather than SSH1. This is achieved by setting the Protocol line to 2 only: "Protocol 2".
Remote root login is a very, very bad idea. We can't disable the root user altogether, as it is needed for system administration, but we can disable the ability to log directly into this account. Make sure you have another account on the machine first (with a password set) so that you can log in to it. Once logged in to that account, you can 'su' to root. su, or Switch User, is a utility which lets us change what user we are running as; from here we can get to the root user and run the tasks we need. To disable direct login of the root user, set PermitRootLogin to no: "PermitRootLogin no".
How well do you know your passwords? Quite well, I'd hope... Let's reduce the number of password attempts allowed per connection; this will hamper script kiddies running dictionary attacks. Change or add MaxAuthTries with a value for how many attempts to allow. I'd go with something like 3 or 5.
To reduce the likelihood of someone finding and probing your SSH server, you can cheat and hide the port by moving it to a non-standard one, something that you can remember but isn't obvious or quite as guessable. This is done with the Port config option; for example, Port 22222 moves it to port 22222. Bear in mind this only cuts down on the automated noise aimed at port 22; a full port scan will still find the service, so it complements the other changes rather than replacing them.
Once all these changes have been made, restart your SSH server to make them take effect. It's worth running sshd -t first, which checks the file for syntax errors, and keeping your current session open until you have confirmed a fresh login works, so a typo doesn't lock you out.
/etc/init.d/sshd restart or service sshd restart, depending on your distro.
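To confirm the four settings above actually took effect in a config file, here is an added shell example (not from the original post) that reads sshd_config the way sshd does - first uncommented occurrence wins - and flags anything missing or weaker than recommended. The sample config files and their temporary paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config file for the
# four settings discussed above and report anything missing or weaker than
# recommended. The sample config files at the bottom are constructed here.
# Print the effective value of one keyword. sshd honours the first uncommented
# occurrence, so stop at the first match; keywords are case-insensitive.
# Commented lines never match because their first field starts with '#'.
sshd_opt() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Print one line per finding for the config file given as $1.
# No output means all four recommendations are in place.
audit_sshd_config() {
    cfg="$1"
    proto=$(sshd_opt "$cfg" Protocol)
    [ "$proto" = "2" ] || echo "Protocol: want 2, have '${proto:-unset}'"

    root=$(sshd_opt "$cfg" PermitRootLogin)
    [ "$root" = "no" ] || echo "PermitRootLogin: want no, have '${root:-unset}'"

    tries=$(sshd_opt "$cfg" MaxAuthTries)
    case "${tries:-6}" in          # unset falls back to sshd's default of 6
        [1-5]) ;;
        *) echo "MaxAuthTries: want 5 or fewer, have '${tries:-unset (default 6)}'" ;;
    esac

    port=$(sshd_opt "$cfg" Port)
    [ -n "$port" ] && [ "$port" != "22" ] || echo "Port: still on the default 22"
}

# Constructed sample configs: one hardened as described above, one untouched.
tmp=$(mktemp -d)
cat > "$tmp/hardened.conf" <<'EOF'
Protocol 2
Port 22222
PermitRootLogin no
MaxAuthTries 3
EOF
cat > "$tmp/default.conf" <<'EOF'
# Everything still commented out, so sshd runs with its defaults
#Protocol 2,1
#Port 22
#PermitRootLogin yes
#MaxAuthTries 6
EOF

echo "== hardened.conf"; audit_sshd_config "$tmp/hardened.conf"
echo "== default.conf";  audit_sshd_config "$tmp/default.conf"
```

Point audit_sshd_config at /etc/ssh/sshd_config on a real host to check it after editing.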