This document summarizes the SSH hardening measures that have been successfully applied to the server. The goal was to disable password-based logins in favor of more secure key-based authentication from a trusted jump host.
SSH Key-Only Access
SSH access is now restricted to key-based authentication only. All password-based login methods have been disabled.
- **Configuration:** The following lines were set in `/etc/ssh/sshd_config`:

  ```ini
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  ```

- **Access Method:** A dedicated SSH key pair was generated, and the public key has been added to `/root/.ssh/authorized_keys` on the VDS. Login is only possible from the designated jump host.
Root Login Configuration
Direct root login is permitted, but it is strictly limited to using an SSH key. This prevents brute-force password attacks against the root account.
- **Configuration:** The following was set in `/etc/ssh/sshd_config`:

  ```ini
  PermitRootLogin prohibit-password
  ```
Unaffected Services & Recovery
These hardening measures apply only to the SSH service and do not affect other methods of access.
- **WHM Panel:** Login to the WHM panel at https://panel.enlivendesigners.com:2087 remains unaffected. You can still log in as root using the standard password through the web interface.
- **VNC Console:** In the event of an SSH lockout, emergency root-level access is available through the Contabo Web Console (VNC).
✅ Verification
The SSH service was restarted to apply the new configuration, and all changes have been verified as working correctly.
- **Command:**

  ```bash
  systemctl restart sshd
  ```

- **Status:**
  - SSH login with a key from the jump host is successful.
  - SSH login attempts using a password are blocked.
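
The status above can also be confirmed from the server side by auditing the effective settings that `sshd -T` prints, rather than the text of the file. The script below is an added example, not part of the original summary: the function name `check_sshd_effective` and both sample inputs are constructed for illustration, and it goes slightly beyond the three lines above by accepting the keyword aliases that different OpenSSH releases report.

```shell
#!/bin/sh
# check_sshd_effective: reads "keyword value" lines in the format printed by
# `sshd -T` on stdin. Prints one FAIL line per mismatch with the directives in
# this document; exit status 0 means all three match, 1 means at least one does not.
check_sshd_effective() {
    awk '
    { val[tolower($1)] = tolower($2) }
    END {
        bad = 0
        if (val["passwordauthentication"] != "no") {
            print "FAIL passwordauthentication is not no"; bad = 1
        }
        # Newer OpenSSH reports kbdinteractiveauthentication, older releases
        # report challengeresponseauthentication. At least one must be present
        # and every one that is present must be "no".
        kbd = val["kbdinteractiveauthentication"]
        cra = val["challengeresponseauthentication"]
        if ((kbd == "" && cra == "") || (kbd != "" && kbd != "no") || (cra != "" && cra != "no")) {
            print "FAIL keyboard-interactive/challenge-response is not no"; bad = 1
        }
        # sshd -T may print without-password, the older alias of prohibit-password.
        prl = val["permitrootlogin"]
        if (prl != "prohibit-password" && prl != "without-password") {
            print "FAIL permitrootlogin is not prohibit-password"; bad = 1
        }
        exit bad
    }'
}

# Constructed sample: effective settings that match this document.
SAMPLE_HARDENED='passwordauthentication no
kbdinteractiveauthentication no
permitrootlogin without-password
pubkeyauthentication yes'

# Constructed sample: the file says "no", but an earlier setting won. sshd uses
# the first value it obtains for each keyword, so an included file can override.
SAMPLE_WEAK='passwordauthentication yes
challengeresponseauthentication no
permitrootlogin yes'

printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_effective && echo "hardened sample: OK"
printf '%s\n' "$SAMPLE_WEAK" | check_sshd_effective || echo "weak sample: rejected"
```

On the server itself, run `sshd -T | check_sshd_effective` as root. Running `sshd -t` before `systemctl restart sshd` catches syntax errors while the current session is still open.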