Some ways to configure linux server security

Tram Ho

After a while working with Linux Server, I have a few small tips that can help your server be more secure

Change the SSH port

If you have worked with the server, you probably already know the term SSH

SSH , or known as Secure Shell , is a remote control protocol that allows users to control and edit servers remotely over the Internet … (Here I just introduce the basic definition only)

By default, SSH uses port 22/tcp for the user to access, since it is the default so everyone knows so to increase security we should change it.

I will guide you to change the SSH port

1. Access your server with user root (ssh [email protected] _ip)

2. Open the file /etc/ssh/sshd_config and find the Port 22 line and change it to the desired port (I like 6969)

3. Restart SSH

For CentOS and Fedora you use this command:

And for Debian and Ubuntu you use this command:

4. Use FireWall to enable port opening

For Ubuntu you use this command to open the port

Do not log in with the root user

User root is always a sensitive issue in security, it is the user with the highest authority, so it is very dangerous if exposed. To solve this, you should use a different user to access and then use the command sudo -i to switch to the user root .

I note you that in configuring Linux Server security with SSH, leave the password for the root user first. You can rest assured that if you have an SSH key and do not allow login via password, you can still use it when switching to a user.

The first step is to create a new user

Next is to set a password

Then next is the configuration to not allow login for the root user, open the file /etc/ssh/sshd_config and then navigate to the line

Then fix it to

And finally, the installation only allows deploy users to log into SSH

From now on, you can log into SSH using the deploy user. If you want to log in as the root user, you must type sudo -i and enter the root user password to be able to switch to the root user.

Restrict IP login to SSH

These should not apply if you use dynamic IP address. This is the third way to configure security for Linux Server with SSH. If you are using a static IP address then it is great against unauthorized logins. Just enter the following code in /etc/ssh/sshd_config finish:

Thus, only the IPs allowed above can access the server via SSH.

There are a few ways to secure your server, wish you success!

Share the news now

Source : Viblo