Small tips for securing SSH login on a server
1. Disable Password Login
Edit /etc/ssh/sshd_config and set the following:
PasswordAuthentication no
Now you can only log in via SSH keys.
Generate your local keys using ssh-keygen -t rsa
Then add the contents of your id_rsa.pub to the user account on the server,
e.g. /root/.ssh/authorized_keys
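As an added example (not part of the original post), here is a check that the setting in tip 1 is the one sshd will actually use. sshd keeps the first value it reads for a keyword and defaults to yes when the keyword is unset, so a "PasswordAuthentication no" line placed after an earlier "yes" is silently ignored. The function names are made up for this example, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and PasswordAuthentication defaults to "yes" when unset.

# Print the global PasswordAuthentication value of the config file in $1:
# "yes", "no", or "unknown" if an Include directive comes first
# (included files are not followed in this example).
effective_password_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)          # keyword ends at blank or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            arg = substr(line, n)
            sub(/[ \t]+#.*/, "", arg)          # drop a trailing comment
            gsub(/[ \t="]/, "", arg)           # drop separators and quotes
            if (key == "match") exit           # global section ends here
            if (key == "include") { val = "unknown"; exit }
            if (key == "passwordauthentication") { val = arg; exit }
        }
        END { print (val == "" ? "yes" : val) }
    ' "$1"
}

# Exit status 0 only when password logins are globally disabled.
password_login_disabled() {
    [ "$(effective_password_auth "$1")" = "no" ]
}

# Constructed sample: the commented line does nothing and the final "no"
# is ignored because "yes" was read first.
demo_cfg=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'passwordauthentication yes' \
    'PermitRootLogin prohibit-password' 'PasswordAuthentication no' > "$demo_cfg"
echo "effective PasswordAuthentication: $(effective_password_auth "$demo_cfg")"
rm -f "$demo_cfg"
```

On a live server, running sshd -T as root prints the configuration sshd resolves, including any included files.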
2. Random Passwords
Set all user passwords to large pseudo-random strings.
E.g. I set all users on all servers with different passwords that look like this:
Z4Q7H6pI53Xtsbgs8qKC
That is 20 random alphanumeric characters (a-z, A-Z, 0-9).
See https://www.grc.com/passwords.htm for more passwords.
You can test a password with the brute-force search space calculator at https://www.grc.com/haystack.htm
3. Login alerts by email
Every time a user logs in to the system, you should get an email alert.
For that I wrote login_alert.sh and appended a call to it to the end of /etc/profile.
At the end of the file /etc/profile add this line:
sh /etc/login_alert.sh
Then create the file /etc/login_alert.sh:
#!/bin/sh
# Send an email alert for each interactive shell login.
SERVER_NAME=`hostname -f`
SEND_TO="myemail@gmail.com"
# Remote host of the current session: the text inside (...) in the who -m output.
# The \r must be quoted, otherwise the shell passes a plain "r" to tr.
LOGIN_WHO=`who -m | cut -d"(" -f2 | cut -d")" -f1 | tr -d '\r'`
echo "
Shell Login Access to ${SERVER_NAME}
From: ${LOGIN_WHO}
Date: `date`
Active Users:
`who`
Uptime:
`uptime`
" | mail -s "Alert: SSH Login to ${SERVER_NAME} from ${LOGIN_WHO}" "$SEND_TO"
You will then get an email like this every time someone logs in to the server:
Subject: Alert: Shell Login to 'hostname' from ppp-122-122-122-122.evip2.xxxxxx.xx.xx

Shell Login Access to mail9.hostname.net
From: ppp-122-122-122-122.evip2.xxxxxx.xx.xx
Date: Fri Jul 29 18:23:19 UTC 2011
Active Users:
root pts/0 2011-07-29 17:57 (ppp-122-122-122-122.evip2.xxxxxx.xx.xx)
Uptime:
18:23:19 up 189 days, 2:38, 1 user, load average: 0.05, 0.08, 0.07
4. System Updates
Always keep your systems updated. I run “aptitude full-upgrade” every day on all Debian machines.
The same goes for Mac and Windows.