Harden Debian by Hardening SSH
Normally, SSH from default settings are open for local area network. Hence, there are a lot of settings not ready for Internet communications. Hence, one should harden the SSH server before exposing it to the Internet.
Identified Threats
These are the identified threats related to Debian Software.
(T-63) SSH Port Can Be Easily Identified for Brute-Force Attack
By default, SSH Port 22 is hard-coded and well-known externally. Hence, it is easy for attacker to attack the port by simple identification.
(T-64) SSH is Enabled For All Network Interfaces Automatically
By default, SSH listens to all network interfaces.
(T-65) SSH Allows Root Login By Default
By default, SSH permits root login.
(T-66) SSH Allows Empty Passwords By Default
By default, SSH permits empty password authentication.
(T-67) SSH Uses Protocol 1 By Default
By default, SSH uses Protocol 1 for backward compatibility.
(T-68) SSH Enables A List of Unused Services By Default
By default, SSH enables a list of its supported services.
(T-69) SSH Allows Password Authentication By Default
By default, SSH allows authentication via user's password.
(T-70) SSH May Not Use PAM To Manager Users By Default
By default, SSH may not use PAM to manage user's authentications.
(T-71) No Default Users List for Accessing SSH
By default, SSH does not have a list of users and user groups for authentications.
(T-72) SSH Users Can Modifies Root System
By default, all SSH users can modify root system.
Actions Required
Here are the list if actions to counter the issues.
Harden SSH Server
Of all the listed threats above, one should harden the SSH Server after installing it into Debian.
That's all for hardening Debian by hardening SSH server.