1. Securing SSH access

If you are here, and you dont know anything about SSH, please stop here, first try to learn mething small about SSH, use it to log into any random server, do tests and exit. Then come back here.

Below are some tips which can be used to secure SSH

1.1. Change the SSH port

This is one of the most important step in making sure that your machine is secured. When you change the SSH port of your servers from 22 to a random port (e.g. 8716). This cuts off those initial newbie hackers who run scripts to trying to find a machine publicly accessible wth port 22 open

This however is only a first step

1.2. Use complex usernames and passwords

Some very known users include;

  • root, systems, sysadmin, itadmin, ict, {instition name}ict like renuict
  • service users like www-data, librenms, kafka, rancid, etc

Most of the times a malicious user might attempt random passwords on the users mentioned above until they luckily land a hit.

As such, you are recommended to use either complex usernames or passwords or both. If you choose to retain the normal usernames (like sysadmin or admin) you use, u can choose to use a relatively hard password, one which doesnt directly relate to any of your public information. You can generate a password using the following command in linux

user@server:~$ openssl rand -base64 12

this generates a 12 digit random string which you can use to as your password. In case you find this tedious, you can choose to generate a password syntax which you can use for each and every single server you have. An example could be: 1Ty3ah-myserver22781. In this case, an elearning platform server can have a password like 1Ty3ah-elearning22781

1.3. Avoid password login for the root user

Almost every linux/unix system has a root user. As such people are always sure that they can try random passwords on the root user. Avoiding password logins on the root user helps in mitigating this issue

This is done by setting this in the /etc/ssh/sshd_config file

PermitRootLogin no

1.4. Use SSH Keys instead of password

This helps in that you only use the SSH keys to log in instead of passwords, that way, unless someone has the right key, they will be prohibted from accessing the system

PasswordAuthentication no

1.5. Firewall

Last part could be setting firewall rules to only allow specific networks to ssh into ur systems

Other options exist but these above can be the initial step u can take

results matching ""

    No results matching ""