NotesWhat is notes.io?

Notes brand slogan

Notes - notes.io

How To Create A Minecraft Server: Hardening The Server

Now that our server is up and running we need to harden it. Or make it more difficult for anyone to gain unauthorized access to it.



There are lots of posts about this online. Here are some of my favorites:



- 10 Steps to secure Linux Server for Production Enviornment: a medium.com post by Megha Pandey - 25 Hardening Security Tips for Linux Servers: a techmint article by Ravi Saive - How to harden Ubuntu Server 16.04 security in five steps: a techrepublic article by Jack Wallen



Securing SSHD



I remember the first time I mistakenly connected my raspberry-pi to the internet with port forwarding enabled on my router. I was hit with thousands of login attempts for random IP addresses within half an hour. One advantage to this is that I was forced to learn about better ssh practices.



Configuring SSHD



We are going to start by editing /etc/ssh/sshd_config.



Once you have that file open you want to uncomment and modify the following lines (I have arranged them by default value first, changed value second):



Creating an SSH Key



Next we need to create and add an rsa key to the server. On your local machine issue the following command:



Then press enter to save it to the default location, or enter a custom location. I recommend using ~/.ssh/id_rsa for the privileged user and ~/.ssh/minecraft_rsa for the Minecraft user.



Then enter a passphrase, this is another layer of added protection in case someone gets a hold of your private key. (*Note that you can also leave this blank for no passphrase, but it is highly discouraged).



Copying the SSH Key to the Minecraft Server



We can do this by issuing the following command (note that if you entered a different filename/file location, you need to use them here):



If you do not know your servers username or password (if you are currently using the web terminal) you can copy the key manually using the following steps:



1. Copy ~/.ssh/minecraft_rsa.pub to clipboard. You can do this in the following ways 1. Windows (WSL): cat ~/.ssh/minecraft_rsa.pub | clip.exe 2. Ubuntu: cat ~/.ssh/minecraft_rsa.pub | xclip 3. MacOS: cat ~/.ssh/minecraft_rsa.pub | pbcopy



Finally, we need to restart the sshd service so that our changes take effect.



Configuring the FireWall



I have found the easiest way to do this is using ufw. We start by enabling the service:



Next we need to setup some default rules



We also need to allow the port we specified for ssh to be open (remember I chose 2916, you need to replace that with the value you chose):



Now we need to allow traffic through port 25565 (the default port for Minecraft servers).



We can check and see all our rules by the following command:



Hardening the Network a Step Farther



This is a tip I learned while trying to disable ICMP broadcast requests. Taken from that Tech Republic article written by Jack Wallen that I mentioned in the beginning of this article.



There is a very simple way to prevent source routing of incoming packets (and log all malformed IPs) on your Ubuntu Server. MINECRAFT SERVERS Open a terminal window, issue the command sudo nano /etc/sysctl.conf, and uncomment or add the following lines:



We then restart the service so that the changes take effect:



Setting Up the SSH Config On Our Local Machine



To make it easier to copy files and to access the server, we will be creating entries in our local machines ssh config (~/.ssh/config). Open that file in your favorite text editor and insert the following:



Now when we want to login to our server via ssh we can use:



or



This also makes copying files a lot easier. More on that later.


Read More: https://minecraft-server.live/
     
 
what is notes.io
 

Notes.io is a web-based application for taking notes. You can take your notes and share with others people. If you like taking long notes, notes.io is designed for you. To date, over 8,000,000,000 notes created and continuing...

With notes.io;

  • * You can take a note from anywhere and any device with internet connection.
  • * You can share the notes in social platforms (YouTube, Facebook, Twitter, instagram etc.).
  • * You can quickly share your contents without website, blog and e-mail.
  • * You don't need to create any Account to share a note. As you wish you can use quick, easy and best shortened notes with sms, websites, e-mail, or messaging services (WhatsApp, iMessage, Telegram, Signal).
  • * Notes.io has fabulous infrastructure design for a short link and allows you to share the note as an easy and understandable link.

Fast: Notes.io is built for speed and performance. You can take a notes quickly and browse your archive.

Easy: Notes.io doesn’t require installation. Just write and share note!

Short: Notes.io’s url just 8 character. You’ll get shorten link of your note when you want to share. (Ex: notes.io/q )

Free: Notes.io works for 12 years and has been free since the day it was started.


You immediately create your first note and start sharing with the ones you wish. If you want to contact us, you can use the following communication channels;


Email: [email protected]

Twitter: http://twitter.com/notesio

Instagram: http://instagram.com/notes.io

Facebook: http://facebook.com/notesio



Regards;
Notes.io Team

     
 
Shortened Note Link
 
 
Looding Image
 
     
 
Long File
 
 

For written notes was greater than 18KB Unable to shorten.

To be smaller than 18KB, please organize your notes, or sign in.