As a Linux systems administrator, secure shell will be your best friend. You’ll use it every day and it will serve you well. But don’t use it unwisely, as you can find yourself and your server in a state of possible compromise. Here are a few tips to make sure your secure shell experience is smooth.

First off, make use of ssh-key encryption. This isn’t hard. All you have to do is generate a key, on the server, with the ssh-keygen command and then, once the key is created, copy it from the server to the desktop using the ssh-copy-id command. Once you’ve successfully logged in with the ssh-key, you can then disable password authentication within the /etc/ssh/sshd_config file.

You should also disable root user login via ssh. To do this, open up the /etc/ssh/sshd_config file, look for the PermitRootLogin line and change the yes to no. Save the file and restart the ssh daemon. The root user can no longer login via ssh.

Last but not least, if you’ve enabled ssh-key authentication, you can make use of the ssh-add and ssh-agent commands, which allow you to add your ssh keys and then start an agent instance, such that you do not need to keep entering your ssh key passwords. Once you’re done with the session, you can exit out of the session and the next time you attempt to log in with ssh, you’ll have to have the password. Just remember to exit the ssh-agent session to be safe.

Secure shell is a powerful program and can be an administrator’s best friend…especially when used properly.