First steps with new server

#change password
passwd

#update ubuntu/debian
apt-get update
apt-get upgrade

#install most needed packages in ubuntu/debian
apt-get install sudo openssl openssh-server fail2ban sudo

#add user to use for ssh connection (replace *user* with your own user name)
adduser *user*

#copy rules for fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

#edit
vim /etc/fail2ban/jail.local

#add or replace content in file to resemble:
[ssh-ddos]
enabled = true

#reset
/etc/init.d/fail2ban restart

#disable root access via ssh
mkdir --parents /home/*user*/.ssh
chown *user*:*user* /home/*user*/.ssh/
sed -i -e 's/PermitRootLogin.*/PermitRootLogin no/' '/etc/ssh/sshd_config'
/etc/init.d/ssh reload

#enable ssh connection only for selected user group
addgroup --system "ssh-users"
command echo 'AllowGroups ssh-users' >> /etc/ssh/sshd_config
/etc/init.d/ssh reload
adduser *user* ssh-users

#generate keys for ssh connection
#on client computer (machine that you will use to establish connection with server)
ssh-keygen -t rsa -f /home/*user*/.ssh/id_rsa
ssh-copy-id -i "/home/*localuser*/.ssh/id_rsa.pub" *user*@server

#on server
sed -i -e 's/^[#\t ]*PubkeyAuthentication[\t ]*.*$/PubkeyAuthentication yes/' '/etc/ssh/sshd_config'
/etc/init.d/ssh reload

#we can set custom ports for ssh server (ex. port 1234 instead 22)
command sed -i -e "s/^[#\t ]*Port[\t ]*.*\$/Port 1234/" '/etc/ssh/sshd_config'
/etc/init.d/ssh reload

#we edit rule for ssh inside fail2ban file:
echo "[ssh]
port = 1234" >> '/etc/fail2ban/jail.local'
/etc/init.d/fail2ban restart

#Profit!

 

Leave a Reply

Your email address will not be published.

*