How VPS - How to use/setup VPS
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
How VPS - How to use/setup VPS
No Result
View All Result
Home Operating System Linux

Securing SSH on Ubuntu 14.04

How VPS by How VPS
January 1, 2020
in Linux
0
0
SHARES
10
VIEWS
Share on FacebookShare on Twitter

Contents

  1. Create a new user
  2. Giving user root privileges
    1. Adding user to sudo group
    2. Modifying sudoers file
    3. Testing your new user
  3. Securing SSH
    1. SSH key
    2. SSH configuration
      1. Change SSH inbound port
      2. Disable root ssh login
      3. Disable X11 forward
      4. Restart SSH daemon
      5. Testing changes
  4. Want to contribute?


After you create a new server, there are some configuration tweaks that you should make to harden the security of your server.

Create a new user

As the root user, you have privileges to do anything that you want with the server – no restrictions. Because of this, it is better to avoid using the root user account for every task on your server. Let’s start by making a new user. Replace username with the desired user name:

adduser username

Choose a new secure password and respond to the questions accordingly (or just hit ENTER to use the default value).

Giving user root privileges

New user accounts don’t have privileges outside of their home folder and cannot run commands that will alter the server (like install, update, or upgrade). To avoid the use of the root account, we will give the user root privileges. There are two ways of doing this:

Adding user to sudo group

The easy way is to add the user to the sudo group. Replace username with the desired user name:

adduser username sudo

This will add the user to the group sudo. This group has the privilege of running the commands with sudo access.

Modifying sudoers file

The other way is to put your user in the sudoers file. If your server has multiple users with root privileges, then this approach is somewhat better because if someone messes with the sudo group, you will be still able to run commands with root privileges to work on the server.

First, run this command:

visudo

This will open the sudoers file. This file contains the definitions of groups and users who can run commands with root privileges.

root    ALL=(ALL:ALL) ALL

After this line, write your user name and grant it full root privileges. Replace username accordingly:

username    ALL=(ALL:ALL) ALL

Save and close the file (Ctrl + O and Ctrl + X in nano).

Testing your new user

To login to your new user account without logout and login, simply call:

su username

Test sudo permissions using this command:

sudo apt-get update

The shell will ask for your password. If sudo was configured properly, then your repositories should be updated. Otherwise, review the previous steps.

Now, logout from the new user:

exit

Sudo setup is complete.

Securing SSH

The next part of this guide involves securing the ssh login to the server. First, change the root password:

passwd root

Choose something hard to guess, but that you can remember.

SSH key

SSH keys are a safer way to login. If you are not interested in SSH keys, skip to the next part of the tutorial.

Use the following Vultr Doc to make an SSH key: How Do I Generate SSH Keys?

After you get your public key, login with your new user again.

su username

Now make the .ssh directory and the authorized_keys file in the home directory of that user account.

cd ~
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys

Add the public key that you generated from the other tutorial to the authorized_keys file.

 nano .ssh/authorized_keys

Save the file, then change the permissions of that file.

chmod 600 .ssh/authorized_keys

Return to the root user.

exit

SSH configuration

Now we will make the SSH daemon more secure. Let’s start with the config file:

nano /etc/ssh/sshd_config
Change SSH inbound port

This step will change the port used to access the server, it is entirely optional but recommended.

Find the line with the Port config, should look like this:

Port 22

Now change this port to any port that you want. It must be greater than 1024.

Port 4422
Disable root ssh login

This step will disable root login through SSH, it is entirely optional but highly recommended.

Find this line:

PermitRootLogin yes

… and change it to:

PermitRootLogin no

This will make the server more secure against bots that try brute force and/or common passwords with user root and port 22.

Disable X11 forward

This step will disable X11 forwarding, don’t do this if you use some remote desktop program to access to your server.

Find the X11 line:

X11Forwarding yes

… and it change to:

X11Forwarding no
Restart SSH daemon

Now that we made the changes to secure the SSH Login, restart the SSH service:

service ssh restart

This will restart and reload the server settings.

Testing changes

Without disconnecting your current ssh session, open a new terminal or PuTTY window and test another SSH login.

ssh -p 4422 [email protected]_IP_OR_DOMAIN

If everything checks out, we have successfully hardened the security of your server. Enjoy!

Want to contribute?

You could earn up to $300 by adding new articles

Submit your article
Suggest an update
Request an article
How VPS

How VPS

Related Posts

How to Install Apache Tomcat 8 on CentOS 7
Linux

How to Install Apache Tomcat 8 on CentOS 7?

February 11, 2020
Linux

Setup IonCube Loader on Ubuntu 14

January 1, 2020
Linux

Converting from MySQL to MariaDB on Ubuntu

January 1, 2020
Next Post

Create an HTML 5 RDP/SSH Frontend Using Guacamole on Ubuntu 16.04 LTS

How to Use ‘cat’ and ‘tac’ Commands with Examples in Linux

Track Bandwidth On Linux Using vnStat

How to Install Open Eshop on Ubuntu 16.04

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow Us

  • 121 Followers
  • 87.2k Followers

Recommended

How to Install Jenkins on CentOS 7

3 years ago

How to Install TextPattern CMS on a CentOS 7 LAMP VPS

3 years ago

How to Setup Varnish Cache 5.0 Proxy for Apache on CentOS 7

3 years ago

15 Practical Examples of ‘echo’ command in Linux

4 years ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • Arch
  • Authentication
  • Backups
  • BSD
  • Centmin Mod
  • CentOS
  • Control Panels
  • CoreOS
  • CWP
  • Debian
  • Directadmin
  • Encryption
  • Fedora
  • Firewalls
  • Hocvps Script
  • Hosting providers
  • Kloxo-MR
  • Linux
  • Mitigations
  • Operating System
  • Plesk
  • Reviews
  • Securing VPS/Servers
  • Security Patches
  • SSL Certificates
  • Uncategorized
  • Upgrading
  • VPS/Servers management guides
  • Vulnerability Detection
  • Web servers software
  • Webhosting Control Panel

Topics

Apache Web Server Bluehost Review 2019 Bluehost Review 2020 Bluehost Review 2021 Centmin Mod CentminMod centos install htop fsck htop install HTTP DoS attack Install Snort on an Ubuntu install Zabbix on CentOS install Zabbix on CentOS 7 Linux Commands linux guide linux install htop linux vps setup guide MariaDB MariaDB Error Mysql mysqld error optimize MariaDB optimize Mysql snort Ubuntu
No Result
View All Result

Highlights

Top Free Web Hosting Control Panels To Manage VPS/Dedicated Servers

Webmin Reviews

Virtualmin Reviews

CentOS Web Panel Reviews

Ajenti Reviews

ISPConfig Reviews

Trending

Failed to download metadata for repo 'appstream' on Centos 8
CentOS

How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8

by How VPS
February 25, 2022
0

I tried to update some extensions by use yum on centOs which I specified in Dockerfile. After...

How to Fix MySQL Error "Plugin 'InnoDB' registration as a STORAGE ENGINE failed"?

How to Fix MySQL Error “Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed”?

November 17, 2020
How to optimize Mysql or MariaDB

How to optimize Mysql or MariaDB

November 3, 2020
Top Free Web Hosting Control Panels To Manage VPS/Dedicated Servers

Top Free Web Hosting Control Panels To Manage VPS/Dedicated Servers

February 17, 2020
Webmin Reviews

Webmin Reviews

February 17, 2020
How VPS – How to use/setup VPS

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8 February 25, 2022
  • How to Fix MySQL Error “Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed”? November 17, 2020
  • How to optimize Mysql or MariaDB November 3, 2020

Categories

  • Arch
  • Authentication
  • Backups
  • BSD
  • Centmin Mod
  • CentOS
  • Control Panels
  • CoreOS
  • CWP
  • Debian
  • Directadmin
  • Encryption
  • Fedora
  • Firewalls
  • Hocvps Script
  • Hosting providers
  • Kloxo-MR
  • Linux
  • Mitigations
  • Operating System
  • Plesk
  • Reviews
  • Securing VPS/Servers
  • Security Patches
  • SSL Certificates
  • Uncategorized
  • Upgrading
  • VPS/Servers management guides
  • Vulnerability Detection
  • Web servers software
  • Webhosting Control Panel

[mc4wp_form]

© 2018 JNews - City News Magazine WordPress theme. All rights belong to their respective owners.
JNews is a top selling 2018 WordPress News, Blog, Newspaper & Magazine Theme.

No Result
View All Result
  • Home

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.