Notes
Notes - notes.io |
The Secure Shell Protocol, or SSH, is a cryptographic protocol designed to encrypt and secure network communications between two hosts. Because SSH provides secure communication, even when the network is insecure, it is useful.
This guide offers some best practices for protecting your SSH connections and preventing unauthorized access to your network.
Ensure the username/password combination is strong
Easy-to-guess passwords are one of the quickest ways to let someone access your server (or any device, for that matter). It is strongly advised against using passwords like 123456 or 123456because they are too easy to guess. A strong password will keep an outside attacker from brute-forcing your account by trying many ill-advised, common passwords.
Passwords with empty fields should be disabled
Another security measure that should be taken is to disable passwords that are empty or blank. Open the /etc / ssh / sshd configuration file in your editor of choice, then add the line PermitEmptyPasswords no. If it exists already, you can change its status to no. Blank passwords are as bad as weak ones due to this behavior.
Login as root should not be possible
It's never a good idea to have the root user have admin access on the server, which is why we never want to leave it unsecured. Instead of accessing your server with root, create a new user and grant it sudo access. The user can be added to the sudoer group by running usermod -aG sudo newuser, where newuser is his username.
In this case, you need to prevent root access. You may also add the line PermitRootLogin no. to the /etc / ssh / sshd config file with which you disabled blank passwords. Similarly, if it already exists, just change it from yes to no.
Change your default port
An attacker may try to gain access to a server through SSH by scanning for the open port 22, which is the default SSH port. If you want to prevent your device from being shown here, you need to change the default port that SSH uses.
Please add the following line to our SSH Done config file: Port XXXX, where XXXX represents the port value you want to use. click here Providing that the port numbers you choose are not already in use by another service, the method will work. If you change the port number, you need to restart the SSH service. You can restart sshd by using the service sshd restart command.
Nevertheless, in spite of this, an attacker will have more difficulty discovering your device.
Public and private keys are used
Another way to prevent an attacker from gaining access to your server is to use a public and private key pair. This method is an alternative to signing in with a username/password combo.
ssh-keygen -t rsa is what you need to run first on your client machine. Choosing a directory in which the keys will be stored, as well as whether a password should be added, is performed next. When the process is complete, it will have generated IDRSA and IDRSA.PUB (private and public keys).
Next, you should copy the SSH public key to the server, which can be done via ssh-copy-id. Additionally, you can copy the public key using scp. In the / .ssh folder, place the id rsa.pub Set the chmod 600 or .ssh permissions on the authorized keys directory The keys to an authorized computer.
In addition, we can disable public / private key authentication from being used for server authentication, so that only those logins with public / private key authentication will work. By adding or changing the number preceding PasswordAuthentication, one can accomplish this in the same sshd config file. Now, you won't have to type your password when logging in, because the authentication will be done by a public / private key pair.
More information can be found here on how to set up SSH keys.
Takeaways
When it comes to facilitating communication between devices, SSH is very useful. Insecurely configured and improperly configured SSH can, however, provide the perfect entryway for a malicious actor to get access to your network. The steps outlined above will ensure you never again have to worry about a hacker taking over your personal data. Hopefully, these tips will help you secure your server and eliminate your concerns about malicious attackers!
Homepage: https://shellngn.com
|
|
Notes.io is a web-based application for taking notes. You can take your notes and share with others people. If you like taking long notes, notes.io is designed for you. To date, over 8,000,000,000 notes created and continuing...
With notes.io;
- * You can take a note from anywhere and any device with internet connection.
- * You can share the notes in social platforms (YouTube, Facebook, Twitter, instagram etc.).
- * You can quickly share your contents without website, blog and e-mail.
- * You don't need to create any Account to share a note. As you wish you can use quick, easy and best shortened notes with sms, websites, e-mail, or messaging services (WhatsApp, iMessage, Telegram, Signal).
- * Notes.io has fabulous infrastructure design for a short link and allows you to share the note as an easy and understandable link.
Fast: Notes.io is built for speed and performance. You can take a notes quickly and browse your archive.
Easy: Notes.io doesn’t require installation. Just write and share note!
Short: Notes.io’s url just 8 character. You’ll get shorten link of your note when you want to share. (Ex: notes.io/q )
Free: Notes.io works for 12 years and has been free since the day it was started.
You immediately create your first note and start sharing with the ones you wish. If you want to contact us, you can use the following communication channels;
Email: [email protected]
Twitter: http://twitter.com/notesio
Instagram: http://instagram.com/notes.io
Facebook: http://facebook.com/notesio
Regards;
Notes.io Team
