Small tips for securing SSH login on a server
1. Disable Password Login
Edit /etc/ssh/sshd_config and set the following:
Now you can only log in via SSH keys.
Generate your local keys using ssh-keygen -t rsa
Then put your id_rsa.pub in the user account on the server.
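One way to check that step 1 actually took effect, as an added example that is not part of the original page: the script reads sshd_config-style lines on stdin and reports whether any password-style login is still enabled. The keywords and defaults are OpenSSH's; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the page's own code): verify that password-style SSH
# logins are off. Input is sshd_config-style "Keyword value" lines on stdin.

# effective_value "Keyword|Alias" DEFAULT < config
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive. Reading stops at the first Match block (global section only).
effective_value() {
    awk -v keys="$1" -v def="$2" '
        BEGIN { keys = "|" tolower(keys) "|"; val = def }
        NF == 0 || $1 ~ /^#/ { next }       # blank lines and comments
        { k = tolower($1); if (k == "match") exit }
        index(keys, "|" k "|") { val = $2; exit }
        END { print val }
    '
}

# check_setting CONFIG "Keyword|Alias" DEFAULT WANTED
check_setting() {
    got=$(printf '%s\n' "$1" | effective_value "$2" "$3")
    if [ "$got" = "$4" ]; then
        echo "PASS ${2%%|*} = $got"
    else
        echo "FAIL ${2%%|*} = $got (want $4)"
        return 1
    fi
}

# audit_sshd < config ; returns 1 if any check fails (defaults are OpenSSH's).
audit_sshd() {
    cfg=$(cat); rc=0
    check_setting "$cfg" "PasswordAuthentication" yes no || rc=1
    # keyboard-interactive can still ask for a password through PAM
    check_setting "$cfg" "KbdInteractiveAuthentication|ChallengeResponseAuthentication" yes no || rc=1
    # key login must stay enabled, or nobody can log in at all
    check_setting "$cfg" "PubkeyAuthentication" yes yes || rc=1
    return $rc
}

# Constructed samples. WEAK: the setting is still commented out, and the
# only live "PasswordAuthentication no" sits inside a Match block.
SAMPLE_WEAK='#PasswordAuthentication no
ChallengeResponseAuthentication yes
Match User backup
    PasswordAuthentication no'
SAMPLE_HARDENED='PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes'

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || true
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd
```

On a live server, source the functions and run `sshd -T | audit_sshd` as root, so the check sees the effective configuration including any files pulled in by Include.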
2. Random Passwords
Set all user passwords to large pseudo-random strings.
For example, I give every user on every server a different password that looks like this:
20 random alphanumeric characters (a-z, A-Z, 0-9)
See here for more passwords: https://www.grc.com/passwords.htm
You can test a password with the brute force search space calculator at https://www.grc.com/haystack.htm
3. Login alerts by email
Every time a user logs in to the system, you should get an email alert.
For that I created login_alert.sh and appended it to the end of /etc/profile.
At the end of the file /etc/profile, add this line:
Then create a file /etc/login_alert.sh
You will then get an email like this every time someone logs in to the server.
4. System Updates
Always keep the system updated. I run “aptitude full-upgrade” every day on all Debian machines.
The same goes for Mac and Windows.