Post: [TUT] How to protect your server's SSH
08-27-2013, 02:41 PM #1
Specter
Pro Memer
** I WILL BE TEACHING YOU HOW TO DO THIS WITH UBUNTU/DEBIAN & CENTOS/FEDORA/REDHAT (LINUX)! **


Introduction:

I made a thread a while back about how to set up a VPS, and in this thread we're going to be protecting our SSH. We will be using multiple methods to do this, namely:

- Changing the Port
- Disabling Root
- Fail2Ban



Changing the Port:

Everybody knows that the default SSH port for servers is 22. The cracker trying to access the server will try port 22 first. If you change the port to another one, say 1995, they will receive a "connection refused by server" error. Make sure the port you use for SSH doesn't conflict with any other ports you're using.

In order to do this, we're going to need to change the Port line in /etc/ssh/sshd_config. You can use any text editor; I just use nano. You can edit this through SFTP or PuTTY. If you're going to do it through PuTTY, you're going to use the following command:

    nano /etc/ssh/sshd_config


After this, use your arrow keys to navigate to the line where it has "Port = 22". Change 22 to any other port number that isn't already associated with something else. Then press Ctrl+X to exit and hit Enter for the filename. Make sure to save. Now all we need to do is restart our SSH service for the changes to take effect. Use the following commands depending on the Linux OS of the server:

Debian/Ubuntu:

    /etc/init.d/ssh restart


CentOS/Fedora/RedHat:

    /etc/init.d/sshd restart




Disabling Root:

Linux servers are pre-configured to allow SSH logins from all users, which also includes the root user. The root user has every privilege and can basically do anything and everything with the server. Some forget to disable this user, and if an unauthorized user gains access to it, they can do serious damage to your server.

To prevent this, we are going to stop the root user from being able to log in over SSH. First we're going to create a new user, using the following commands:

    adduser [Whatever you want to name the user here]
    passwd [Whatever you named the user]


passwd does not take the password on the command line; it prompts you to type the new password twice.


NOTE: BEFORE DOING THIS, YOU MAY WANT TO MAKE SURE YOUR NEW USER IS ABLE TO SWITCH USERS BY DOING SU -

Now we're going to be opening and editing the same file as we did with the port, /etc/ssh/sshd_config. Once again use your preferred text editor to edit the file. This time, instead of looking for port, we're going to look for a different line that is commented out. What you want to find is "#PermitRootLogin no". All we need to do is remove the "#" symbol at the beginning to uncomment the line. Now all we need to do is restart our SSH service.

Debian/Ubuntu:

    /etc/init.d/ssh restart


CentOS/Fedora/RedHat:

    /etc/init.d/sshd restart


Now if you try to access SSH through root, you should get the following:

    login as: root
    Access denied
    root@[IP]'s password:


Whenever you need to use the root user, we will use the su command.

    su -


You will be prompted with a password, enter the root password and you are able to switch users to the root account from your account.
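The two edits above (the Port line and the PermitRootLogin line) are done by hand in nano in this thread. As an added example that is not part of the original post, the script below makes the same change to an sshd_config-style file from a shell function, so you can try it on a copy first; the file path, the constructed sample config and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): edit an sshd_config-style file
# the way the post does by hand. The file path is a parameter so the function
# can be tried on a copy before touching /etc/ssh/sshd_config.

# set_sshd_option FILE DIRECTIVE VALUE
# Replaces the first line carrying DIRECTIVE, whether active ("Port 22") or
# commented out ("#Port 22", how stock sshd_config lists its defaults), and
# appends the directive if the file has no such line. sshd honours the first
# occurrence of a directive, so replacing the first match is enough.
set_sshd_option() {
    file=$1; key=$2; value=$3
    awk -v key="$key" -v value="$value" '
        {
            line = $0
            sub(/^[[:space:]]*#?[[:space:]]*/, "", line)   # strip indent and "#"
            split(line, f, /[[:space:]=]+/)
            if (!done && tolower(f[1]) == tolower(key)) {
                print key " " value; done = 1; next
            }
            print
        }
        END { if (!done) print key " " value }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_sshd_option FILE DIRECTIVE -> the value sshd would use (first active line)
get_sshd_option() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Demo on a constructed sample that mimics a stock sshd_config. On a real
# server, run "sshd -t" (syntax check) before restarting the SSH service.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '# constructed sample config' '#Port 22' '#PermitRootLogin no' 'X11Forwarding yes' > "$tmp"
    set_sshd_option "$tmp" Port 1995
    set_sshd_option "$tmp" PermitRootLogin no
    get_sshd_option "$tmp" Port             # prints 1995
    get_sshd_option "$tmp" PermitRootLogin  # prints no
    rm -f "$tmp"
}
demo
```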



Fail2Ban:

Fail2Ban is an open-source Python program designed to detect and prevent intrusions. If a client shows signs of suspicious activity, such as too many failed login attempts or probing for exploits, and its IP is not on the whitelist, Fail2Ban adds the IP to iptables and blocks it for a configurable amount of time.

For Ubuntu/Debian:

    sudo apt-get install fail2ban


For CentOS/Fedora/RedHat:

    yum install fail2ban


Once again, to configure it use your preferred text editor, or edit the file through SFTP. The configuration file path is /etc/fail2ban/jail.conf. Now we're going to be looking at three rules.

ignoreip: IgnoreIP allows you to exempt IPs from the rules, i.e. whitelist them. You can add multiple ones separated by a space. You may want to add your own external IP address to that line as well.

maxretry: MaxRetry is the number of failed logins you can have before being banned. This is determined by analysing log files.

bantime: BanTime is the number of seconds the user will be banned for if a rule is violated. You may change this to anything you like. The default value is 600 seconds, which is 10 minutes. I'd personally prefer it to be in hour units but it is what it is.

Once you've changed these to your liking, scroll down the configuration file until you reach the SSH jail, which looks like this:

    [ssh-iptables]

    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
             sendmail-whois[name=SSH, dest=root, sender=[email address]]
    logpath = /var/log/secure
    maxretry = 5


I can't remember if this is enabled by default or not, but if it isn't enabled, change "false" to "true". Now exit and save your changes. Once you've saved your changes, you'll need to restart fail2ban for them to take effect. To restart it, use the following command:

    service fail2ban restart
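maxretry is "determined by analysing log files", as said above. As an added example that is not part of the original post, the script below imitates that analysis in a simplified form: it counts sshd "Failed password" lines per source IP in constructed /var/log/secure-style lines and reports the IPs that reached the threshold, skipping whitelisted ones the way ignoreip does (exact match only here; the sample log, IPs and function name are constructed).

```shell
#!/bin/sh
# Added example (not from the original post): a simplified imitation of what
# Fail2Ban's sshd filter does with maxretry and ignoreip, run over constructed
# log lines in /var/log/secure format so it works offline.

# Constructed sample log lines (not a real capture). 203.0.113.5 fails three
# times, 192.168.1.20 fails three times, 198.51.100.7 fails once.
SAMPLE_LOG='Aug 27 14:01:02 host sshd[1201]: Failed password for root from 203.0.113.5 port 51022 ssh2
Aug 27 14:01:05 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Aug 27 14:01:09 host sshd[1203]: Failed password for root from 203.0.113.5 port 51024 ssh2
Aug 27 14:01:12 host sshd[1204]: Accepted password for alice from 198.51.100.7 port 40000 ssh2
Aug 27 14:02:00 host sshd[1205]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Aug 27 14:02:30 host sshd[1206]: Failed password for root from 192.168.1.20 port 50000 ssh2
Aug 27 14:02:31 host sshd[1206]: Failed password for root from 192.168.1.20 port 50001 ssh2
Aug 27 14:02:32 host sshd[1206]: Failed password for root from 192.168.1.20 port 50002 ssh2'

# over_maxretry MAXRETRY [IGNOREIP ...]
# Reads log lines on stdin and prints "ip count" for every source IP that is
# not whitelisted and has at least MAXRETRY failed logins. The whitelist is an
# exact-match version of ignoreip (Fail2Ban also accepts CIDR ranges and only
# counts failures inside a time window).
over_maxretry() {
    maxretry=$1; shift
    awk -v maxretry="$maxretry" -v ignore="$*" '
        BEGIN { n = split(ignore, list, " "); for (i = 1; i <= n; i++) white[list[i]] = 1 }
        /sshd\[[0-9]+\]: Failed password for/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            if (ip != "" && !(ip in white)) fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= maxretry) print ip, fails[ip] }
    ' | sort
}

# maxretry lowered to 3 for the short sample; 192.168.1.20 plays the admin's
# own workstation and is whitelisted, so only 203.0.113.5 is reported.
printf '%s\n' "$SAMPLE_LOG" | over_maxretry 3 192.168.1.20
```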




Conclusion:

That is how you basically protect your server's SSH security. You can do more than this, but this is all I find that you'd really need for a standard server, unless you're running a high-end server which is constantly trying to be cracked into, in which case you're probably not reading this thread.
Last edited by Specter ; 08-27-2013 at 03:21 PM.
