Securing your Server
Things you can do to secure your server running the Bonder
Securing your Server
These are a number of things you can do to secure an Ubuntu server.
Update your system
Keep the system up-to-date with the latest patches
sudo apt update -y && sudo apt full-upgrade -y
sudo apt autoremove -y && sudo apt autoclean
Set up user configs
Disable the root
user account and set a password for your account
sudo passwd -l root # While this is redundant when using Ubuntu, it is good practice to explicitly ensure that the account is disabled
sudo passwd ubuntu
Harden SSH config
Edit SSH configuration
sudo vim /etc/ssh/sshd_config
In sshd_config
file, update the values below or ensure that they are already set to these values.
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
KbdInteractiveAuthentication no # In versions prior to Ubuntu 22.04, this is called `ChallengeResponseAuthentication`
X11Forwarding no
At the bottom of the file, add a new line to allow only your user to access the server.
AllowUsers ubuntu
Verify changes and reload service
sudo systemctl restart ssh
Install fail2ban
Installing fail2ban will block out anyone who fails to repeatedly log in
sudo apt install fail2ban -y
Create a local configuration file
sudo vim /etc/fail2ban/jail.local
Add the following config
[sshd]
enabled = true
port = <22 or your random port number>
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
Restart services and show status
sudo service fail2ban restart
sudo service fail2ban status
Firewall
All incoming connections can be disallowed. Only outgoing connections need to be allowed.
For example, if using UFW
sudo ufw default deny incoming
sudo ufw allow 22 comment "Allow SSH"
sudo ufw enable
Reset the server
The base configuration is now set up and enabled. Restart the server now to complete the update and upgrade of packages and associated config.
sudo reboot
Add SSH 2FA
Check out the link below
Add SSH 2FALast updated