0

I'm one of those guys who climbs up the ladder to the high dive and jumps off, then realizes he doesn't know how to swim.

So I have a VPS, and I have no idea how to administer it. I understand one of the first things to do is secure it, and the first concrete step in that direction I've found so far is in moshen's comment:

> Also, you should secure your SSH access as soon as possible. I recommend changing the default port, using key-based authentication and disabling password authentication and root logins (basically create a standard user account for you to log in with).

So far, all I know how to do is use my VPS provider's web interface to open a console with root access. So how do I follow moshen's advice?

  • You can find several tutorials on this with a quick Google search. [Here's one such tutorial.](http://www.linuxquestions.org/questions/linux-security-4/how-to-secure-ssh-in-ubuntu-and-slackware-552275/) – tacotuesday Aug 24 '12 at 07:33
  • Well, I was directed here from Stack Overflow. I'll go over to one of those. Eventually I'll get bumped to the correct place, I guess. – brentonstrine Aug 24 '12 at 07:38
  • Eventually the people at SO will learn there's more than two Stack Exchange sites. :) – Michael Hampton Aug 24 '12 at 07:39
  • 1
    These topics are covered here on SF: [Preventing brute force attacks against ssh?](http://serverfault.com/questions/4188/preventing-brute-force-attacks-against-ssh) [Why change default ssh port?](http://serverfault.com/questions/189282/why-change-default-ssh-port) [Why is SSH password authentication a security risk?](http://serverfault.com/questions/334448/why-is-ssh-password-authentication-a-security-risk). Also see [ssh](http://serverfault.com/questions/tagged/ssh). – Bobby Aug 24 '12 at 08:42
  • 4
    The people on SO really don't seem to care about what does and doesn't belong here. They just send over anything they don't like, whether it's appropriate or not. This site is for IT professionals and as a professional we expect everyone to show due diligence before posting. – John Gardeniers Aug 24 '12 at 09:34
  • More effort has gone into debating how to get rid of this question than into answering it. Doesn't anyone have anything better to do with their day? Summer of love anyone? http://blog.stackoverflow.com/2012/07/kicking-off-the-summer-of-love/ – dunxd Aug 24 '12 at 14:08
  • @dunxd What *are* you talking about? He was directed to an external tutorial, three relevant threads here and the `ssh` tag before John politely pointed out what was wrong with the thread. I don't know what more you expect, and personally feel that the links provided were more than could be reasonably expected. – HopelessN00b Aug 24 '12 at 15:15
  • Some of the more snarky comments that were here before have subsequently disappeared. The answer got voted up. Things feel a little more friendly now. – dunxd Aug 24 '12 at 16:10

1 Answer

7

To secure your SSH you should do the following:

1) Make sure that you have a user with sudo access and a public key. To do so, follow these steps:

a) Create the user by issuing:

    # -m creates /home/sudo_user, which the key steps below need
    useradd -m sudo_user

b) Log in as this user and create a public/private key set, then set up authorized_keys:

    su - sudo_user
    # creates ~/.ssh/id_rsa (private) and ~/.ssh/id_rsa.pub (public)
    ssh-keygen -t rsa
    touch ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys
    # authorize the new public key for logins as sudo_user
    cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
    exit

c) Get your private key from /home/sudo_user/.ssh/id_rsa, which you will then use to log in to the server:

    cat /home/sudo_user/.ssh/id_rsa

d) Set sudo access for your user:

    # run as root: appends a passwordless sudo rule for sudo_user
    echo "sudo_user  ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers

2) Edit your /etc/ssh/sshd_config config and make the following changes:

a) Disable root access by making sure the following line says:

    PermitRootLogin no

b) Disable password authentication by setting:

    PasswordAuthentication no

and

    PubkeyAuthentication yes

c) Change the port for ssh; make sure that the new port is open in the firewall first:

    Port 12345

You can change it, though, to anything you like.

d) Reload ssh by issuing:

    service sshd reload

or

    service ssh reload

Logic Wreck
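
An added example, not part of the answer above and not its author's code: a shell check for step 2 that reads an sshd_config-style file the way sshd does (the first value for a keyword wins, keywords are case-insensitive) and reports every setting that differs from the answer's. The function names `effective_value` and `check_hardening` and the sample file are constructed for illustration; `Include` files are not followed.

```shell
#!/bin/sh
# Added example (not the answer's code): audit an sshd_config-style file for
# the settings in step 2. sshd keeps the FIRST value it reads for a keyword
# (keywords are case-insensitive), so a line appended at the end of the file
# does not override an earlier one. Lines after a "Match" line are conditional
# and are not counted as global settings. Include files are not followed.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
effective_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/        { next }   # blank lines and comments
        tolower($1) == "match"      { exit }   # end of the global section
        tolower($1) == tolower(key) { print tolower($2); exit }  # first wins
    ' "$1"
}

# Return 0 if file $1 has the answer's settings; print each deviation.
check_hardening() {
    rc=0
    for want in PermitRootLogin=no PasswordAuthentication=no PubkeyAuthentication=yes; do
        key=${want%%=*}
        got=$(effective_value "$1" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL: $key is '${got:-unset}', expected '${want#*=}'"
            rc=1
        fi
    done
    # Port may appear several times; sshd listens on every port listed.
    ports=$(awk 'tolower($1) == "match" { exit }
                 tolower($1) == "port"  { print $2 }' "$1")
    case " $(echo $ports) " in
        "  "|*" 22 "*) echo "FAIL: sshd would still listen on port 22"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: "PasswordAuthentication no" was appended below an
# existing "yes" line, so the earlier line still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 12345
PermitRootLogin no
#PasswordAuthentication no
passwordauthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF
check_hardening "$sample" || echo "fix the lines above before reloading sshd"
rm -f "$sample"
```

On the server itself, `sshd -t` checks the file for syntax errors and `sshd -T` prints the configuration sshd will actually use. Keep the root console open until a key-based login on the new port has succeeded.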