Securing your Server
Things you can do to secure your server running the Bonder
Securing your Server
These are a number of things you can do to secure an Ubuntu server.
Update your system
Keep the system up-to-date with the latest patches
sudo apt update -y && sudo apt full-upgrade -y
sudo apt autoremove -y && sudo apt autocleanSet up user configs
Disable the root user account and set a password for your account
sudo passwd -l root # While this is redundant when using Ubuntu, it is good practice to explicitly ensure that the account is disabled
sudo passwd ubuntuHarden SSH config
Edit SSH configuration
sudo vim /etc/ssh/sshd_configIn sshd_config file, update the values below or ensure that they are already set to these values.
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
KbdInteractiveAuthentication no # In versions prior to Ubuntu 22.04, this is called `ChallengeResponseAuthentication`
X11Forwarding noAt the bottom of the file, add a new line to allow only your user to access the server.
AllowUsers ubuntuVerify changes and reload service
sudo systemctl restart sshInstall fail2ban
Installing fail2ban will block out anyone who fails to repeatedly log in
sudo apt install fail2ban -yCreate a local configuration file
sudo vim /etc/fail2ban/jail.localAdd the following config
[sshd]
enabled = true
port = <22 or your random port number>
filter = sshd
logpath = /var/log/auth.log
maxretry = 3Restart services and show status
sudo service fail2ban restart
sudo service fail2ban statusFirewall
All incoming connections can be disallowed. Only outgoing connections need to be allowed.
For example, if using UFW
sudo ufw default deny incoming
sudo ufw allow 22 comment "Allow SSH"
sudo ufw enableReset the server
The base configuration is now set up and enabled. Restart the server now to complete the update and upgrade of packages and associated config.
sudo rebootAdd SSH 2FA
Check out the link below
Add SSH 2FALast updated