05-06-2018, 10:17 AM
I. Don't use the root account! Create a new sudoer account
II. Use SSH Keys!
Linux/Mac client
Windows
III. Disable password authentication!
IV. Install fail2ban
CentOS
Debian
2. Run and enable run at startup
Spoiler Expand
(Make sure you install sudo from your package manager if it's not installed)
1. Create the account. Enter all the details that is prompted.
2. Add the user to the sudoer group
3. Disable root login!
4. Restart sshd
1. Create the account. Enter all the details that is prompted.
Code:
useradd <username>
2. Add the user to the sudoer group
Code:
echo '<username> ALL=(ALL) ALL' >> /etc/sudoers
3. Disable root login!
Code:
echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
4. Restart sshd
Code:
systemctl restart sshd
II. Use SSH Keys!
Linux/Mac client
Spoiler Expand
1. Generate the key.
If prompted for the path, just press enter.
As for the password, it's your choice to use it or not. (Though it's recommended to use a password for the key file)
2. Copy over the public key to your server
You can now connect to the server using ssh keys.
If prompted for the path, just press enter.
As for the password, it's your choice to use it or not. (Though it's recommended to use a password for the key file)
Code:
ssh-keygen -t rsa
Code:
ssh-copy-id <username>@<host>
You can now connect to the server using ssh keys.
Spoiler Expand
In Progress...
III. Disable password authentication!
Spoiler Expand
1. Just run this command to disable
2. Restart sshd
Code:
echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config
Code:
systemctl restart sshd
IV. Install fail2ban
CentOS
Spoiler Expand
1. Install
2. Run and enable run at startup
Code:
yum install epel-release #Needed repo
yum install fail2ban
Code:
systemctl enable fail2ban
systemctl start fail2ban
Spoiler Expand
Code:
apt-get install fail2ban
Code:
systemctl enable fail2ban
systemctl start fail2ban