Learn how to secure your systems and prevent unauthorized access through SSH by following these simple suggestions.
SSH or Secure SHell replaced Telnet as the remote access protocol of choice somewhere in the 1990s, and for good reason. SSH allows administrators – or users – to access a remote shell via a secure tunnel by connecting their SSH client to an SSH server. SSH can also handle file transfers, which should replace FTP, although there are a surprising number of situations that still rely on good old plain text FTP.
For the reasons mentioned above, modern Linux systems are managed via SSH. Most experienced system administrators like the direct access and power they get when they can connect to the shell of their system in a relatively simple and secure way. In this article, I will focus on the sshd daemon of the OpenSSH server. We will discuss some of the security issues you may encounter and how to mitigate or solve them directly.
Locking Down SSH
We’re going to go over two things here. First, we’re going to disable the use of passwords to log into the system. Second, we’re going to disable the numbers that are acceptable to use.
Disabling Password Authentication
Switch to system B, either physically or via ssh (which we can now do easily). We will modify the following file:
First, back it up in case you break something and have to go back. It is much easier to copy a file than to try to figure out what it was like when it was working. When you have done this and not before, open this file in your favorite text editor (bonus points if it is Vim). Find the line that starts with :
If it says “yes” at the far right, change it to “no”. Save, quit, and restart the ssh service:
systemctl restart sshd
service sshd restart
Why disable passwords? Passwords are not as resistant to brute-force attacks as our public/private keys are. Disabling the ability to use passwords mitigates this avenue of attack. If we set up our public/private keys and disable password authentication, we should be fairly well off.
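An added example, not part of the original article: a shell check to run against a copy of the sshd configuration file after the edit above. It reports the global PasswordAuthentication value sshd would use, plus any Match blocks or Include lines that could still permit password logins; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a copy of an sshd config for password logins.
# Assumes whitespace-separated "Keyword value" lines; Include files are
# reported, not followed.

# sshd keeps the FIRST value it reads for a keyword, matches keywords
# case-insensitively, and falls back to "yes" when the keyword is absent.
global_password_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        tolower($1) == "match" { exit }            # global section ends
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit     # first occurrence wins
        }
        END { if (!found) print "yes" }            # compiled-in default
    ' "$1"
}

# Print every Match block header that turns password logins back on, and
# every Include line, since an included file can set the keyword earlier.
password_auth_exceptions() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "include" { print "include: " $2 }
        tolower($1) == "match"   { block = $0; next }
        block != "" && tolower($1) == "passwordauthentication" &&
            tolower($2) == "yes" { print "match: " block }
    ' "$1"
}

# Constructed sample: the edit was made, but a commented line, a later
# duplicate, and a Match block are also present.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
Port 22
passwordauthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF

echo "global: $(global_password_auth "$sample")"   # global: no
password_auth_exceptions "$sample"                  # match: Match User backup
rm -f "$sample"
```

On a live host, `sshd -t` validates the configuration before you restart the service, and `sshd -T` prints the effective settings.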
Restricting access to port 22
Start by checking that the default SSH port (port 22) is open to the world. You can do this by running Nmap, which will check your network as you specify:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-22 20:56 EDT
Nmap scan report for 184.108.40.206
Host is up (0.26s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
Restricting access to Port 22 is the most basic action you can take to secure your system. I realize that this tactic may not work in all scenarios. Maybe you run a public system, or maybe the CIO travels a lot and accesses systems from many different locations (we’ll talk about VPNs in a moment). My point is that you may have a good reason for making SSH accessible to the general public. But think carefully about how to avoid this configuration. I did it, but mostly out of laziness. There is usually a better solution.
Whether you are building a new server or a virtual machine, it is a good idea to implement several layers of security in your environment. Organizations typically strive to get their infrastructure up and running as quickly as possible, but the necessary security measures must be implemented from the start.
By using the Linux SSH security methods listed above, you should be able to avoid common security threats in the cloud.
Make it difficult for hackers to penetrate your server(s) and limit possible damage. Be sure to implement as many of these best practices as possible before making your server available on the network.
CCNA, Web Developer, PC Troubleshooter
I am a computer enthusiast and a practicing IT Professional. I have years of experience behind me in computer programming, hardware troubleshooting and repair. I specialise in Web Development and Database Design. I also have a CCNA certification for Network Design and Troubleshooting.