Jul 302011
 

Small tips for securing a server with from SSH loginvisualcage.ru

1. Disable Password Login

edit /etc/ssh/sshd_config and set the following

PasswordAuthentication no

now you can only login via ssh keys.
generate your local keys using ssh-keygen -t rsa
then put your id_rsa.pub in the user account on the server
i.e. /root/.ssh/authorized_keys

2. Random Passwords

Set all user passwords to large pseudo-random strings.
i.e. I set all users on all servers with different passwords looking like this:
Z4Q7H6pI53Xtsbgs8qKC
20 random alpha-numeric characters (a-z, A-Z, 0-9)

see here for more passwords https://www.grc.com/passwords.htm
you can test the password with the brute force search space calculator with https://www.grc.com/haystack.htm

3. Login alerts by email

Everytime a user has logged in the system, you should get an email alert.
For that I do put login_alert.sh and appended it to the end of /etc/profile

At the end of the file /etc/profile numberswiki.com

add this line:

then create a file /etc/login_alert.sh

so you will get an email like this every time someone login to the server.

4. System Updates

Always keep updated. I run “aptitude full-upgrade” everyday on all debian machines.
also goes for Mac and Windows.

 Posted by at 1:29 am

Sorry, the comment form is closed at this time.

Switch to our mobile site