Hop
Securing Server
Things you can do to secure your server running the Hop Node
These are some things you can do to secure an Ubuntu server.
These are examples; it's recommended that you do your own research to know what's best for your own server.

Create new user instead of using default user

Create a non-root user with sudo privileges
sudo useradd -m -s /bin/bash alice
sudo passwd alice
sudo usermod -aG sudo alice
Copy the authorized SSH keys to the new user
su - alice
sudo cp -r /home/ubuntu/.ssh .ssh
sudo chown -R alice:alice .ssh
Delete the default user, after confirming from a separate session that you can log in as alice
sudo deluser --remove-home ubuntu

Disable SSH root login

Edit SSH configuration
sudo vim /etc/ssh/sshd_config
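In the sshd_config file, make sure to have the following settings:
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin prohibit-password
PermitEmptyPasswords no
Note that PermitRootLogin prohibit-password only blocks password logins for root; root can still log in with an SSH key. Use PermitRootLogin no to refuse root logins entirely.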
Verify changes and reload service
sudo sshd -t
sudo service ssh reload

Only allow specific users for SSH

Edit SSH configuration
sudo vim /etc/ssh/sshd_config
Edit or add AllowUsers with space-separated usernames
AllowUsers alice
Reload SSH service
sudo service ssh reload
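To confirm that the settings from the two SSH sections above are actually in effect, the following added example (not part of the original Hop documentation) audits effective settings in the "keyword value" format printed by sshd -T. The names audit_sshd and sample_dump are hypothetical, and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: audit effective sshd settings against the values on this page.
# Input is "keyword value" lines as printed by `sshd -T`; one FAIL line is
# printed per finding and the return status is the number of findings.
audit_sshd() {
    awk '
    BEGIN {
        want["passwordauthentication"] = "no"
        want["permitemptypasswords"] = "no"
        want["permitrootlogin"] = "prohibit-password"
        # Assumption: newer OpenSSH reports ChallengeResponseAuthentication
        # under its replacement name, so both are folded into this key.
        want["kbdinteractiveauthentication"] = "no"
    }
    { key = tolower($1); val = tolower($2) }
    key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }
    key == "allowusers" {
        for (i = 2; i <= NF; i++) {
            users++
            if ($i == "root" || $i ~ /^root@/) root_listed = 1
        }
        next
    }
    key in want {
        seen[key] = 1
        ok = (val == want[key])
        # "no" is stricter than the page and "without-password" is the old
        # spelling of prohibit-password printed by older sshd versions.
        if (key == "permitrootlogin" && (val == "no" || val == "without-password")) ok = 1
        if (!ok) { printf "FAIL %s is %s, want %s\n", key, val, want[key]; fails++ }
    }
    END {
        for (k in want) if (!(k in seen)) { printf "FAIL %s not reported\n", k; fails++ }
        if (!users) { print "FAIL no allowusers entry: every account may log in"; fails++ }
        if (root_listed) { print "FAIL allowusers includes root"; fails++ }
        exit fails + 0
    }'
}

# Constructed sample (not captured from a real host): two weak settings.
sample_dump() {
    printf '%s\n' 'passwordauthentication yes' 'permitemptypasswords no' \
        'permitrootlogin yes' 'kbdinteractiveauthentication no' 'allowusers alice'
}

sample_dump | audit_sshd || echo "findings: $?"
```

On the server itself, pipe the real effective configuration into the function with sudo sshd -T | audit_sshd after reloading the service.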

Disable root account

Disabling the root user account is a good idea. This locks root's password so it cannot be used to log in:
sudo passwd -l root

Install fail2ban

Installing fail2ban will block anyone who repeatedly fails to log in
sudo apt update
sudo apt install fail2ban -y
Edit configuration file
sudo vim /etc/fail2ban/jail.conf
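Make sure to have these settings in jail.conf. Package upgrades can overwrite jail.conf, so fail2ban's own guidance is to keep overrides in /etc/fail2ban/jail.local instead.
ignoreip = 127.0.0.1/8 ::1

[sshd]
enabled = true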
Restart services and show status
sudo service fail2ban restart
sudo service fail2ban status

Firewall

All incoming connections can be disallowed; only outgoing connections need to be allowed. The example below keeps the SSH port open so you can still administer the server.
For example, if using UFW:
sudo systemctl start ufw.service
sudo systemctl enable ufw.service

sudo ufw default deny
sudo ufw allow "22/tcp" # allow SSH port
sudo ufw disable # must disable and enable to apply changes
sudo ufw enable
sudo ufw status

Add SSH 2FA

Check out the link below