If you administer a Unix server and have (root) access to it, in most cases you use SSH to log in to the console.
First of all, to keep a user from staying logged in to the server forever, SSH can enforce an idle timeout interval. After this interval has passed, the idle user is automatically logged out.
Open the /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find the variable ClientAliveInterval and set this to 300 seconds (5 minutes) as follows:
ClientAliveInterval 300
ClientAliveCountMax 0
Save the file and restart ssh. On Debian-like systems you have to issue:
/etc/init.d/sshd restart
Second, just disable login as root.
To disable root login via SSH, update your sshd_config again with the following line:
PermitRootLogin no
Third, use only version 2 of the SSH protocol. Protocol version 1 should be avoided and disabled in the SSH config.
Open the sshd_config file and make sure the following line exists, or add it:
Protocol 2
The fourth best practice is to limit the number of users that can log in to the server over SSH.
To allow only the users root, john and joe to log in via SSH, add the following to the sshd_config file:
AllowUsers root john joe
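To confirm that the settings above are the ones sshd will actually read, here is an added example (not part of the original article): a small shell audit that compares an sshd_config-style file with the values recommended here. The function names and the sample file are constructed for illustration; the script assumes sshd's rule that the first occurrence of a keyword wins, looks only at the global section before any Match block, and does not follow Include lines.

```bash
# Added example: audit an sshd_config-style file against this article's values.
# Assumptions: "Keyword value" syntax, global section only, Include not followed.

# effective_value FILE KEYWORD -> prints the value sshd would use, or nothing.
# Keywords are case-insensitive and the first occurrence wins.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match"   { exit }   # the global section ends here
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE -> one line per setting; returns the number of mismatches.
audit_sshd_config() {
    local file=$1 failures=0 key want got
    while read -r key want; do
        got=$(effective_value "$file" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key: want '$want', found '${got:-<unset>}'"
            failures=$((failures + 1))
        fi
    done <<'EOF'
ClientAliveInterval 300
ClientAliveCountMax 0
PermitRootLogin no
Protocol 2
AllowUsers root john joe
EOF
    return "$failures"
}

# Constructed sample (not a real server's file): a commented-out setting and a
# later contradicting line, both easy to miss when reading the file by eye.
sample_config() {
    cat <<'EOF'
Protocol 2
permitrootlogin no
PermitRootLogin yes
ClientAliveInterval 300
#ClientAliveCountMax 0
AllowUsers root john joe
Match User joe
    ClientAliveCountMax 0
EOF
}

# Audit a real file when a path is given, e.g.: bash audit.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then audit_sshd_config "$1"; fi
```

On the constructed sample the audit reports one mismatch: ClientAliveCountMax is only present as a comment and inside a Match block, so it is unset globally, while PermitRootLogin resolves to "no" because the first line wins over the later "yes".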
Fifth, use strong passwords for your login.
Here is a simple but powerful password generator function. Add this to your ~/.bashrc.
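passwdgen() {
    # Password length: first argument, default 20
    local l=${1:-20}
    # Keep only A-Za-z0-9_ from /dev/urandom; LC_ALL=C makes tr treat the input as bytes.
    # The trailing xargs prints the result followed by a newline.
    LC_ALL=C tr -dc 'A-Za-z0-9_' < /dev/urandom | head -c "$l" | xargs
}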
You can pass a length argument to the passwdgen function:
$ passwdgen 15
L0kyeSv2mSGQc31