safarista/ssh_server_security.markdown

Last active December 16, 2015 09:28

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/safarista/5412995.js"></script>
Save safarista/5412995 to your computer and use it in GitHub Desktop.

Download ZIP

Securing SSH on UBUNTU Server 12.04 on a VPS

Raw

ssh_server_security.markdown

On the VPS. Setup a user in sudo group with sudo permissions

$ adduser deployer --ingroup sudo
NOTE: On Ubuntu >= -v11.0 the admin group was removed, the default is sudo

On your local machine, install ssh-copy-id:

$ brew install ssh-copy-id

Then, copy your ssh certificate onto your new slice form your local machine: enter password on prompt

$ ssh-copy-id deployer@IP_ADDRESS_OF_VPS

After testing that you can ssh into your VPS, open the sshd_config file on your slice, to improve security:

$ sudo nano /etc/ssh/sshd_config

The main things to change (or check) are:

  Port 33221          <--- change to a port of your choosing 
  Protocol 2 
  PermitRootLogin no 
  PasswordAuthentication no 
  UseDNS no 
  AllowUsers deployer

Save your changes and reload your sshd file:

$ sudo /etc/init.d/ssh reload

NOTE: Your VPS is now ready but remember your ssh --port when you log in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment