Beginner Guide for Linux-Server Newbies: SSH

This is a very basic series explaining what you should keep in mind when you are new to servers, especially if you’re new to Linux.

First of all we should take care of SSH.

Most of you want to access your server from home, while the server itself will usually sit in a data center in some city or even in another country. SSH is the most common and easiest way to do this, and your Linux installation supports it by default (OpenSSH-Server).

root is the most important user on Linux. You have to choose a strong password, and my recommendation is to disable root login after you have created a personal user. (WARNING: don’t disable root login if you don’t have access via another user; you won’t be able to log in at all!)

then you change:

to

Now you have to restart the SSH service. Because it is possible to break your SSH config with a bad edit, I recommend restarting the SSH service (your active connection is not affected) and testing with a new shell. I also recommend copying any file you are about to edit to a backup such as sshd_config.bak, or *.backup if you prefer that.

(If you go deeper into administration, you may want to look at another editor such as emacs, because emacs will take a backup of the last version at every save.)
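The backup, edit, test and restart steps described above, written as one script. This is an added example, not the commands from the original post; it assumes OpenSSH's `PermitRootLogin` option, the config at /etc/ssh/sshd_config and a systemd unit named `ssh` (`sshd` on many distributions), and the function names are made up for illustration.

```sh
# Added example (not the original post's commands).
# Assumptions: OpenSSH's PermitRootLogin keyword, config at /etc/ssh/sshd_config,
# service unit named "ssh" (Debian/Ubuntu; many other distributions use "sshd").

# disable_root_login FILE: back up FILE to FILE.bak, comment out every active
# PermitRootLogin line and put one explicit "PermitRootLogin no" on line 1.
# sshd uses the first value it reads for a keyword, and line 1 comes before
# any Match block, so the setting applies globally.
disable_root_login() {
    drl_cfg="$1"
    drl_bak="$1.bak"
    [ -f "$drl_cfg" ] || { echo "no such file: $drl_cfg" >&2; return 1; }

    # Already done on an earlier run: change nothing.
    [ "$(head -n 1 "$drl_cfg")" = "PermitRootLogin no" ] && return 0

    # Keep the first backup; never overwrite it with an edited file.
    [ -e "$drl_bak" ] || cp -p "$drl_cfg" "$drl_bak" || return 1

    drl_tmp="$(mktemp)" || return 1
    awk 'BEGIN { print "PermitRootLogin no" }
         tolower($1) ~ /^permitrootlogin(=.*)?$/ { print "#" $0; next }
         { print }' "$drl_cfg" > "$drl_tmp" || { rm -f "$drl_tmp"; return 1; }

    # Write through the existing file so owner and mode stay unchanged.
    cat "$drl_tmp" > "$drl_cfg" && rm -f "$drl_tmp"
}

# check_and_restart FILE: let sshd parse FILE; restore the backup if it is
# rejected, restart the service only if it is accepted. Run as root.
check_and_restart() {
    if sshd -t -f "$1"; then
        systemctl restart ssh
    else
        echo "sshd rejected $1, restoring $1.bak" >&2
        cp -p "$1.bak" "$1"
        return 1
    fi
}

# On a real server, as root, with a second login session left open:
#   disable_root_login /etc/ssh/sshd_config && check_and_restart /etc/ssh/sshd_config
```

Log in as your personal user from a new terminal before closing the session you made the change in.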


Most ssh login attempts on our server are probing only for root.


 

Now the easiest way to hijack your server is mostly closed off, but your server is hopefully online 24/7, so there is plenty of time to brute-force your password. By default Linux disconnects after 3 failed logins, but nothing prevents an attacker from reconnecting immediately afterwards. If you choose a long and strong password, it would take years to break in with these mostly dictionary-based password attacks. The attempts also inflate your /var/log/auth.log file.


My first noob-configured server had an auth.log with about a million lines of failed login attempts.


To prevent this, we will use Fail2Ban, which manages iptables for us.

After you have installed Fail2Ban with:

you will find the default configuration in

Now take your favourite editor and read jail.conf carefully.

Once you have read it carefully, type:

and then use your favourite editor to edit jail.local.

If you only want to secure SSH, everything is fine by default, but you can do some neat stuff later for the security of your mail server or database server as well.

If you are satisfied with your edit or the default configuration, type:

to reload your new configuration.

 

Now your server should be secured against every SSH-attack.

If you want to take a step further to harden your server, you should look into key authentication, which is excellently described in a very newbie-friendly way on this site.

 

If you have questions or requests for more guides, please use the comments.
