The topic of security has always been relevant in the IT industry. In this article we will give some tips on how to secure your server and try to help to ensure that your server is not subjected to threats and attacks.
Last failed login: Mon Apr 15 13:52:45 MSK 2017 from 220.127.116.11 on ssh:notty There were 4395 failed login attempts since the last successful login.
If you found approximately such a message during your authorization to the server, it means that unsuccessful authorization attempts were made by someone else. Malicious users pick up SSH passwords purposefully (automatically, or using programmed infected computers).
Configure authorization from specific IP
Configure authorization from specific IP If you plan to connect to the server and conduct work only strictly from one device and / or only from certain IP addresses, you can enter the following lines:
/etc/hosts.deny sshd: ALL
In this file:
/etc/hosts.allow Sshd: Your IP address
Thus, SSH access for all subnets except the specified one will be denied. After that, you need to restart the service using the service:
service sshd restart
Change SSH port
To change the SSH port you need to uncomment this file
/etc/ssh/sshd_config and change Port 22 to a free one, it can be any number up to 65536
After that, you need to start the server with the command:
service sshd restart
Use SSH keys
The advantage and advantage of this method is that you can be authorized on the server without regularly having to send your password through the network.
Even if someone listens on your connection, he will not have the opportunity to intercept and crack your password, since in fact it is never transmitted. Also, using SSH to identify keys eliminates the risk associated with brute-force attacks, by significantly reducing the attacker’s chance to guess the correct credentials.
The key pair is created using the command
The private key (file without extension) is copied to the PC, and the public key (keyname.pub) is copied to the file on the server.
.ssh / authorized_keys
In order to disable password authorization, in the same SSH configuration, you need to change the
PasswordAuthentication yes directive to PasswordAuthentication no and restart the service – authorization will remain only with the SSH key.