General OS Hardening (Ubuntu 20.04 LTS)

ssh root@yourIPaddress

Patching Software

sudo apt update
sudo apt upgrade

Making New User

You will disable the root user becasue you have sudo

adduser "you"

Add that user to sudo group

usermod -aG sudo "you"

Change the logged root to create an account

su - username

Check to see if your user is part of sudo group

sudo whoami

If it returns root you now have sudo privlages


Now move the root account and log out of ssh. Log back in with the created user account.

ssh user@yourIPaddress

Locking root

Remove the root account from logging to ssh

sudo nano /etc/ssh/sshd_config

Find "PermitRootLogin" and change to "PermitRootLogin no"

Save and exit

Now restart ssh

sudo service ssh restart

Make sure if you try to log in with root again you get "permission denied"

Change ssh port and lockout policy

Check if firewall is enabled

sudo ufw status

Type in this if it is active

sudo ufw allow ssh

If you changed the port add this one too

sudo ufw allow ---

Now change the port

sudo nano /etc/ssh/sshd_config

Uncomment these lines and type in

Port ---
MaxAuthTries 5

You can change the max tries if need be. If the password is wrong more than 5 times it will lock out you IP address

Save and Exit

Restart ssh

sudo service ssh restart

To log back in you need to

ssh user@yourIPaddress -p "yourport"

SSH Settings

sudo nano /etc/ssh/sshd_config

First thing you are going to enable is Protocol 2

sudo system restart ssh

Timeout Idle value

If you're AFK while connected to ssh there could be an issue. You can decrease or increase the time you can be idle.

ClientAliveInterval 180

Last updated