Security 101: Servers (Linux)
But it's Linux! It's secure, right??!
This is a common misconception that many people hold, Linux is known for its robust security features, but even the most secure operating system can be vulnerable if not properly configured and hardened.
Best practices
- avoid using passwords, use keys (for windows, puttygen)
- generate and use 8192 bit rsa:
ssh-keygen -o -t rsa -a 100 -b 8192 -f ~/.ssh/id_rsa-8192 -C "dont@email.me" - Use ssh-copy-id
ssh-copy-id [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname -f: force mode -- copy keys without trying to check if they are already installed -n: dry run -- no keys are actually copied -h|-?: print this help example: ssh-copy-id -i ~/.ssh/id_rsa-8192 user@hostname.com- after ssh-copy-id you can use your key to authenticate:
ssh -i ~/.ssh/id_rsa-8192 user@hostname.comssh-copy-id takes your public key from your private key and puts it on the target host's
.ssh/authorized_keys - generate and use 8192 bit rsa:
Open Source softwares, that I use on my machines:
PortSentry
daemon that watch unused ports for activity and take action upon excessive access to watched ports.
apt install portsentry
systemctl enable portsentry
systemctl start portsentry
For more info, and detailed configuration: PortSentry on Gentoo Wiki
Fail2Ban
daemon to ban hosts that cause multiple authentication errors
apt install fail2ban
systemctl enable fail2ban
systemctl start fail2ban
You are now secured against those, who try to brute force your ssh, you can monitor every service and logfile, for more info and detailed configuration: Fail2ban Wiki on Github
to be updated...