This guide describes how to secure Ubuntu 14.04 LTS server in only a few minutes with a few simple steps. It may not be the best way for everyone but it works well for me.
What you need to begin.
SSH client (e.g. PuTTY) connected to your Ubuntu server as root.
How to toughen up server access.
Begin by setting a new root password:
passwd
Run any available package upgrades:
apt-get update apt-get -y upgrade
Install fail2ban to help protect against brute force attacks:
apt-get install -y fail2ban
Setup a new user for server administration. You will need the password that is set here when using sudo with the admin account:
useradd -m -d /home/admin -s /bin/bash admin passwd admin mkdir /home/admin/.ssh chmod 700 /home/admin/.ssh
Put your public key in the authorized_keys file. Keys can be generated with tools such as PuTTYgen.
vim /home/admin/.ssh/authorized_keys
Secure the admin user’s home directory:
chmod 600 /home/admin/.ssh/authorized_keys chown -R admin:admin /home/admin/.ssh
Add sudo privilege to admin user:
visudo
Add the following line in section # User privilege specification.
admin ALL=(ALL:ALL) ALL
Save and exit.
nano /etc/ssh/sshd_config
Change sshd_config parameters as per below.
Port 22123 PermitRootLogin no
Add the following parameter at the end of the file.
AllowUsers admin
Enable firewall and permit SSH access.
ufw allow 22123 ufw enable
Save and exit.
reload ssh exit
You can now login with your SSH client on port 22123 using your newly created credentials.
Leave a Reply