
In this article we are going to learn how to secure our Linux VPS.

17 Dec, 18

How to secure the Linux VPS?


Nowadays the use of Linux servers on the Internet has grown enormously, and with it the number of possible dangers. Security is therefore an important factor we should attend to.

In this article, we are going to study seven key points for security in Linux servers.

 

7 Key points for Linux Security

  1. Using complex and unpredictable passwords
  2. Disable login with root user
  3. Restricting user login
  4. Disable protocol 1
  5. Use non-standard ports
  6. Filtering SSH connections with the firewall
  7. Use security keys for identification

 

  1. Using complex and unpredictable passwords

The first step to secure a Linux VPS is to choose a complex password.

Hackers will first attempt to use brute-force attacks to infiltrate your system. Having a complex and unpredictable password makes it impossible for them to gain access to your server through brute force.

Here are a few tips to choose a sophisticated password:

  • Use at least 8 characters
  • Use upper and lower case letters
  • Put numbers between letters
  • Use non-numeric and non-letter characters

Use the command below to change a user's password:

passwd username

To change the root password:

passwd root

 

  2. Disabling login with root user

Disabling login with root user means that you cannot use the root user when logging into the Linux Terminal.

To disable login with root user, follow these steps:

Open the file "/etc/ssh/sshd_config" with an editor:

nano /etc/ssh/sshd_config

Look for the following statement in this file and change the word yes to no.

# Prevent root logins:

 

PermitRootLogin no

After making the changes and saving the file, restart the SSH service:

service ssh restart

 

  3. Restrict user logins

You may have a lot of usernames on your server, but only a few of them need to log in.

For example, you have 10 users on Linux, but only Sophia and Emma can remotely connect to the server.

To restrict Linux users, open the sshd_config file with an editor.

nano /etc/ssh/sshd_config

After the file is opened, add the following line:

AllowUsers Sophia Emma

After making the changes and saving the file, restart the SSH service:

service ssh restart

 

  4. Disabling protocol 1

The SSH service works with 2 protocols, called protocol 1 and protocol 2. Protocol 1 is less secure, so it's better to use protocol 2 in your communications. To disable protocol 1, open the sshd_config file again with the editor:

nano /etc/ssh/sshd_config

Find the following statement and change it to "Protocol 2".

# Protocol 2,1

 

Protocol 2

After making the changes and saving the file, restart the SSH service:

service ssh restart

 

  5. Use non-standard ports for SSH

The default SSH service port is 22, so hackers will check this port first. In some cases, administrators change the SSH port to 2222, but you should know that hackers will surely scan port 22 and, if they get no result, their second choice will be port 2222. It's better to use a high-numbered port that is not reserved for another service. The best choice is between 10,000 and 65,000, a range in which most ports are free.

 

  6. Filter SSH connections with a firewall

If you only connect remotely to the server from one particular IP, you can use the following command to restrict the SSH service to that address.

iptables -A INPUT -p tcp -s 5.56.233.9 --dport 22 -j ACCEPT

With the above rule and a default DROP policy on the INPUT chain, you can only connect to the server from a system that has an IP address of 5.56.233.9.

If you want to access the server from all locations, enter the commands below:

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

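The first command records the source address of every new connection to port 22, so the port stays open to all IPs.

With the second command, the firewall accepts a new connection only if its source has not sent multiple requests (4 or more) in less than 60 seconds. IPs that exceed this are blocked automatically.

Note: For the second command to block anything, the INPUT chain must have a default DROP policy.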

 

  7. Use security keys for identification

Using security keys has two main security advantages.

  1. You can access your terminal without entering a password.
  2. You can disable password login completely, so that no password is required to connect to the server.

This feature protects against possible attacks such as Brute Force.
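
The sshd_config settings from points 2 to 5 and 7 can be checked in one pass before restarting the SSH service. The script below is an added example, not part of the original article: the function name audit_sshd_config and the sample config are constructed for illustration, and it only reads global settings that appear before any Match block.

```shell
#!/bin/sh
# Added example, not from the original article: audit the global part of an
# sshd_config for the settings above. sshd keeps the first value it reads for
# a keyword, keywords are case-insensitive, and Port lines may repeat.
audit_sshd_config() {       # hypothetical helper; reads file arguments or stdin
    awk -F '[ \t=]+' '
    function report(level, msg) { print level ": " msg; if (level == "FAIL") bad = 1 }
    { sub(/^[ \t]+/, "") }                    # drop indentation, re-split fields
    /^#/ || $0 == "" { next }                 # skip comments and blank lines
    tolower($1) == "match" { exit }           # Match blocks are out of scope
    {
        key = tolower($1)
        if (key == "port") {
            ports = ports " " $2
            if ($2 == 22) p22 = 1
        } else if (!(key in val)) { val[key] = $2; $1 = ""; args[key] = $0 }
    }
    END {
        if (tolower(val["permitrootlogin"]) == "no") report("OK", "root login disabled")
        else report("FAIL", "PermitRootLogin is not set to no")
        if ("allowusers" in val) report("OK", "logins limited to:" args["allowusers"])
        else report("WARN", "no AllowUsers line, every account may log in")
        if (ports == "" || p22) report("WARN", "sshd listens on default port 22")
        else report("OK", "non-standard port(s):" ports)
        if (tolower(val["passwordauthentication"]) == "no") report("OK", "password login disabled")
        else report("WARN", "password login still enabled")
        if (val["protocol"] ~ /1/) report("FAIL", "Protocol line still allows protocol 1")
        exit bad + 0                          # non-zero when any FAIL was reported
    }' "$@"
}

# Constructed sample input, not a real server config.
sample_config='PermitRootLogin yes
AllowUsers Sophia Emma
Port 2222
Protocol 2'
printf '%s\n' "$sample_config" | audit_sshd_config ||
    echo "Fix the FAIL lines, then check syntax with: sshd -t"
```

On a server, run it as audit_sshd_config /etc/ssh/sshd_config and keep your current session open until a second login with the new settings succeeds.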

We hope this article has been helpful to you.

 

Sophia H

My name is Sophia H. My degree is MS in Information Technology Engineering. I have been working for 5 years on Java developing (j2ee), Computer Networking (Optical Networks), Virtualization and Hosting.