Hello guys!
Today I want to strengthen the security of my server. I want to do it in two different ways: first by using the fail2ban dependency, and second by enforcing the use of an SSH key when logging in.
fail2ban
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. (source)
Installation
sudo apt install fail2ban
Configuration
There won't be big changes for my needs, although it's recommended to make a local copy of config files:
sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
The only thing I will change in the default configuration of fail2ban is to ban suspicious connections permanently instead of for 10 minutes. In /etc/fail2ban/jail.conf I changed the value of the bantime field to a negative number.
Using SSH key for logging in
I already had my SSH key, so I will skip the part about creating it. For interested people, I will leave a link to the documentation on creating SSH keys in the References section.
Configuration
1) Copy SSH key to the server
ssh-copy-id -p 12345 johndoe@XXX.XXX.XXX.XXX
ssh-copy-id will scan the local computer for SSH keys and copy them to the server. I had to confirm that I wanted to copy the key by entering my password.
2) Disable login by password
After I was sure that I could log in with my key, I changed the SSH configuration in the file /etc/ssh/sshd_config:
. . .
PasswordAuthentication no
. . .
After saving, I restarted SSH with sudo systemctl restart ssh.
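To confirm that the change in step 2 really took effect, the check below reads the effective settings printed by sshd -T rather than the file itself; sshd keeps the first value it reads for each keyword, so an earlier line or an included file can override the edit. This is an added example, not part of the original post; the function name check_sshd_effective and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits effective sshd settings
# in the lowercase "keyword value" form that `sshd -T` prints.
# Reads that output on stdin, prints one line per finding and
# returns 0 when only key logins are possible, 1 otherwise.
check_sshd_effective() {
    awk '
        { val[$1] = $2 }    # remember the value of every keyword
        END {
            bad = 0
            if (val["passwordauthentication"] != "no") {
                print "FAIL: passwordauthentication is not no"; bad = 1
            }
            # Keyboard-interactive (challengeresponseauthentication in
            # older OpenSSH) can still ask for a password through PAM.
            if (val["kbdinteractiveauthentication"] == "yes" ||
                val["challengeresponseauthentication"] == "yes") {
                print "FAIL: keyboard-interactive authentication is on"; bad = 1
            }
            # With passwords off, disabled key auth would mean a lockout.
            if (val["pubkeyauthentication"] != "yes") {
                print "FAIL: pubkeyauthentication is not yes"; bad = 1
            }
            exit bad
        }'
}

# Constructed sample: another setting won, passwords are still accepted.
sample_overridden() {
    cat <<'EOF'
port 12345
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
EOF
}

# Constructed sample: the state the post is aiming for.
sample_key_only() {
    cat <<'EOF'
port 12345
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
EOF
}
# On the server itself: sudo sshd -T | check_sshd_effective
sample_overridden | check_sshd_effective || echo "sample_overridden: not key-only"
sample_key_only | check_sshd_effective && echo "sample_key_only: key-only"
```

Run it from a second terminal while the current SSH session stays open, so a failed check can be fixed before logging out.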
Discussion & suggestions
I would like to ask you, especially if you're more experienced in setting up machines like mine: what should I do to secure my server better? Which dependencies or config should I install/change? Thank you for your comments down below!
References
Cover image: Photo by Jaye Haych on Unsplash