Sometimes you have servers hanging out in the public internet in ways that you have little control over the network and hardware firewalls. Setting up a hosted server, such as a Virtual Private Server (VPS) or “node” in the cloud can be scary. Fortunately software firewalls, such as iptables, can add a little to piece of mind. But, in these days of automated attacks, it is still not enough.
Usually the primary means of access to these servers is SSH. There are a couple really simple things can be done to make SSH more secure. I recently setup a new node on Linode. In the first hour there were 779 failed login attempts from hostile sources. As you can see, both sources of attack are from a hosts in china.
760 218.69.248.24 19 61.132.4.85
Most of these were against commonly used account names:
715 root 28 bin 5 oracle 4 r00t
This is not unusual activity and why the first three things I do is change the port number SSH listens on, disallow “root” logins, and specify which accounts are allowed to use SSH. These are all done by making changes to the sshd_config (on CentOS & Ubuntu it’s /etc/ssh/sshd_config) file:
#Default Port 22, choose an available port above 1024. Port 3434
# Prevent root logins: PermitRootLogin no #Allow only these specific users AllowUsers jaye rileys
After making the changes restart sshd (“service sshd restart” or “/etc/init.d/ssh restart” or “stop ssh ; start ssh”). But first, make sure to verify that the port you chose is available by running:
netstat -an | grep <port #> && LISTEN
These three changes can help protect you from most automated attacks. There are several other changes that I make. More of them can be found in my wiki under Securing SSH.
Jay Everson has over 20 years experience supporting production infrastructure and software R&D Labs. He has 12+ years experience in management and has also spent time in Software Engineer, Infrastructure Architect and Team Lead roles.
