Jul 302011
 

Small tips for securing a server with from SSH login

1. Disable Password Login

edit /etc/ssh/sshd_config and set the following

PasswordAuthentication no

now you can only login via ssh keys.
generate your local keys using ssh-keygen -t rsa
then put your id_rsa.pub in the user account on the server
i.e. /root/.ssh/authorized_keys

2. Random Passwords

Set all user passwords to large pseudo-random strings.
i.e. I set all users on all servers with different passwords looking like this:
Z4Q7H6pI53Xtsbgs8qKC
20 random alpha-numeric characters (a-z, A-Z, 0-9)

see here for more passwords https://www.grc.com/passwords.htm
you can test the password with the brute force search space calculator with https://www.grc.com/haystack.htm

3. Login alerts by email

Everytime a user has logged in the system, you should get an email alert.
For that I do put login_alert.sh and appended it to the end of /etc/profile

At the end of the file /etc/profile numberswiki.com

add this line:

sh /etc/login_alert.sh

then create a file /etc/login_alert.sh

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#!/bin/sh
SERVER_NAME=`hostname -f`
SEND_TO="myemail@gmail.com"
LOGIN_WHO=`who -m | cut -d"(" -f2 | cut -d")" -f1 | tr -d \r`
 
echo "
Shell Login Access to ${SERVER_NAME}
From: ${LOGIN_WHO}
Date: `date`
 
Active Users:
 `who`
 
Uptime: 
 `uptime`
 
" | mail -s "Alert: SSH Login to ${SERVER_NAME} from ${LOGIN_WHO}" $SEND_TO

so you will get an email like this every time someone login to the server.

Subject: Alert: Shell Login to 'hostname' from ppp-122-122-122-122.evip2.xxxxxx.xx.xx

Shell Login Access to mail9.hostname.net
From: ppp-122-122-122-122.evip2.xxxxxx.xx.xx
Date: Fri Jul 29 18:23:19 UTC 2011

Active Users:
 root     pts/0        2011-07-29 17:57 (ppp-122-122-122-122.evip2.xxxxxx.xx.xx)

Uptime: 
  18:23:19 up 189 days,  2:38,  1 user,  load average: 0.05, 0.08, 0.07

4. System Updates

Always keep updated. I run “aptitude full-upgrade” everyday on all debian machines.
also goes for Mac and Windows.

 Posted by at 1:29 am

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Switch to our mobile site