
How to configure a new Ubuntu installation to accept SSH connections?

sudo apt-get update
sudo apt-get install openssh-server
sudo ufw allow 22

That’s the very minimum. It allows unlimited failed password attempts on a known port. Direct root-login is disabled (you can still su and sudo once logged in). If your username and password are guessable and the Internet can see the server, somebody will eventually break in.

You need to harden it from the standard setup. I’ve gone through several suggestions on my blog but at the very least, I’d suggest:

  • Key-based logins. Disable password logins.
  • Move it off port 22. Use something crazy-high, in the 20000-60000 range.
  • Use fail2ban to ban people who do find it and try to brute it.

These take about 10 minutes in total, and you go from a 1/10000 chance of being broken into to a probability so small there isn’t enough paper in the world to write its fraction… assuming you’re careful with your key, it has a password of its own, and you don’t trumpet your credentials all over the net.
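One way to check the first two steps after editing the server config, as an added example that is not from the original post: the function names `sshd_values` and `audit_sshd_config` and the sample configs are made up for illustration, and the port range is the one suggested above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit an sshd_config-style file
# for the hardening steps listed above.
# Assumptions: only the given file is read (Include files and Match blocks are
# not followed) and each line is "Keyword value". On a live host,
# `sudo sshd -T` prints the effective settings instead.

# Print every value given for KEYWORD, lowercased, in file order.
# Keywords are case-insensitive; lines starting with '#' are comments.
sshd_values() {  # usage: sshd_values KEYWORD FILE
  awk -v key="$1" '
    /^[ \t]*#/ { next }
    tolower($1) == tolower(key) { print tolower($2) }
  ' "$2"
}

# Print one finding per line; return 0 only if there are none.
audit_sshd_config() {  # usage: audit_sshd_config FILE
  local file="$1" rc=0 pw pubkey ports p
  # sshd keeps the first value it reads for these keywords; unset means "yes".
  pw=$(sshd_values PasswordAuthentication "$file" | head -n 1)
  pubkey=$(sshd_values PubkeyAuthentication "$file" | head -n 1)
  # Port may appear several times and sshd listens on each; unset means 22.
  ports=$(sshd_values Port "$file")

  if [ "${pw:-yes}" != "no" ]; then
    echo "FAIL: password logins enabled (PasswordAuthentication ${pw:-yes})"; rc=1
  fi
  if [ "${pubkey:-yes}" = "no" ]; then
    echo "FAIL: key-based logins disabled (PubkeyAuthentication no)"; rc=1
  fi
  for p in ${ports:-22}; do
    if ! [ "$p" -ge 20000 ] 2>/dev/null || [ "$p" -gt 60000 ]; then
      echo "FAIL: listening on port $p, outside 20000-60000"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample configs (not taken from a real host).
weak_cfg=$(mktemp); hard_cfg=$(mktemp)
# No Port line, and the later "no" is ignored because the first value wins.
printf '%s\n' 'PasswordAuthentication yes' 'PasswordAuthentication no' > "$weak_cfg"
printf '%s\n' 'Port 22222' 'PasswordAuthentication no' \
  'PubkeyAuthentication yes' > "$hard_cfg"
echo "== weak ==";     audit_sshd_config "$weak_cfg" || true
echo "== hardened =="; audit_sshd_config "$hard_cfg" && echo "OK"
rm -f "$weak_cfg" "$hard_cfg"
```

Once the port has moved, the firewall rule and fail2ban's sshd jail have to name the new port as well, otherwise the port stays closed or bans only cover port 22.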

If the computer is behind a router, you’ll also want to do some port forwarding. This is router-specific so I’ll just direct you to http://portforward.com

 