General OS Hardening (Ubuntu 20.04 LTS)
ssh root@yourIPaddress
sudo apt update
sudo apt upgrade
You will disable the root user becasue you have sudo
adduser "you"
Add that user to sudo group
usermod -aG sudo "you"
Change the logged root to create an account
su - username
Check to see if your user is part of sudo group
sudo whoami
If it returns root you now have sudo privlages
exit
exit
Now move the root account and log out of ssh. Log back in with the created user account.
ssh user@yourIPaddress
Remove the root account from logging to ssh
sudo nano /etc/ssh/sshd_config
Find "PermitRootLogin" and change to "PermitRootLogin no"
Save and exit
Now restart ssh
sudo service ssh restart
Make sure if you try to log in with root again you get "permission denied"
Change ssh port and lockout policy
Check if firewall is enabled
sudo ufw status
Type in this if it is active
sudo ufw allow ssh
If you changed the port add this one too
sudo ufw allow ---
Now change the port
sudo nano /etc/ssh/sshd_config
Uncomment these lines and type in
Port ---
MaxAuthTries 5
You can change the max tries if need be. If the password is wrong more than 5 times it will lock out you IP address
Save and Exit
Restart ssh
sudo service ssh restart
To log back in you need to
ssh user@yourIPaddress -p "yourport"
SSH Settings
sudo nano /etc/ssh/sshd_config
First thing you are going to enable is Protocol 2
image
sudo system restart ssh
Timeout Idle value
If you're AFK while connected to ssh there could be an issue. You can decrease or increase the time you can be idle.
ClientAliveInterval 180
Last modified 1yr ago