What should be the first thing you do with a new linux installation? Make it more secure! They include:
-
Disable root login from sshd
-
Allow authentication only through pre-configured ssh keys.
-
Install fail2ban
sshd changes
First, edit /etc/ssh/sshd_config (sudo vi /etc/ssh/sshd_config), and change
#PermitRootLogin yes #AuthorizedKeysFile .ssh/.authorized_keys
to
PermitRootLogin no AuthorizedKeysFile .ssh/.authorized_keys
Next, generate a ssh key on your local computer for authentication. There are plenty of how-to guides to do this (such as https://devops.profitbricks.com/tutorials/use-ssh-keys-with-putty-on-windows/ for Windows and https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys—2 for linux) but the essence is as follows for Windows users:
-
Download PuTTYgen and generate a key.
-
For "key comment", enter your username
-
For "key passphrase", you can enter a passphrase for extra security if wanted.
-
click "Save private key" and note location and filename.
-
In PuTTY, create a new session, and go to Connection→SSH→Auth→Browse and choose your private key. Save this session with the IP address.
-
On your linux box, edit ~/.ssh/.authorized_keys and paste in the content stored in PuTTYgen section titled "Public key for pasting into OpenSSH authorized_keys file". Make sure you copy ALL of it, including the beginning "ssh-rsa" text, AND the ending text after the "==" symbols.
-
Confirm the .authorized_keys file is mode 600 (chmod 600 .authorized_keys).
Wrap up these changes with a sshd restart:
sudo service sshd restart
fail2ban
Fail2ban is a service that modifies your iptables rules based on activity that is seen in your log files. If someone attempts to repeatedly log in with incorrect credentials, you can choose to have their IP banned from connecting again for a period of time. A good how-to guide for installing and configuring fail2ban is here: