Nguyen Trung Duc

Posted on Dec 20, 2022

Hardening ssh service on Ubuntu/Linux server

#devops #linux #ubuntu

Checklist:

Disable ssh login for root user
Disable password login

1. Create new user

adduser <username>

Add user to sudo group:

usermod -aG sudo <username>

or add this line to file /etc/sudoers.d/90-cloud-init-users (sudo without password)

<username> ALL=(ALL) NOPASSWD:ALL

2. Add ssh key for new user

Add ssh key to file /home/<username>/.ssh/authorized_keys

3. Disable root login and password based login

Edit file /etc/ssh/sshd_config, Find ChallengeResponseAuthentication and set to no:

ChallengeResponseAuthentication no

find PasswordAuthentication set to no:

PasswordAuthentication no

Search for UsePAM and set to no:

UsePAM no

Finally look for PermitRootLogin and set it to no:

PermitRootLogin no
PermitRootLogin prohibit-password

Save and close the file. Reload or restart the ssh server on Linux:

service ssh restart

Hands-on debugging session: instrument, monitor, and fix

Join Lazar for a hands-on session where you’ll build it, break it, debug it, and fix it. You’ll set up Sentry, track errors, use Session Replay and Tracing, and leverage some good ol’ AI to find and fix issues fast.

RSVP here →

Top comments (0)

Try REST API Generation for Snowflake

DevOps for Private APIs. Automate the building, securing, and documenting of internal/private REST APIs with built-in enterprise security on bare-metal, VMs, or containers.

Auto-generated live APIs mapped from Snowflake database schema

Interactive Swagger API documentation

Scripting engine to customize your API

Built-in role-based access control

Publishing Multi-Arch Docker images to GHCR using Buildx and GitHub Actions

Pradumna Saraf - Dec 20 '24

Docker Swarm vs Kubernetes - A Deep Technical Analysis

CiCube - Dec 21 '24

Interview Questions on AWS EC2 and Compute Services

Sushant Gaurav - Dec 20 '24

Understanding the MLOps Lifecycle

Jesse Williams - Dec 17 '24

DEV Community