The first level of security for your server is to ensure that your usernames and passwords are well chosen, so that they cannot be easily guessed.

Choice of servers

Do not use FTP

FTP does not encrypt anything. Your username, password, file contents and directory listings are sent in the clear during a session, which means that anyone able to see the traffic (on your network, at a hotspot, or at any hop in between) can read them.

By only allowing access to your server via SSH, you ensure that everything you send, credentials included, is encrypted. SSH also makes password guessing slower, but it does not prevent it: OpenSSH allows only a few authentication attempts per connection (MaxAuthTries, 6 by default) and drops a connection that has not authenticated within LoginGraceTime, and any pause after a wrong password comes from the system's PAM configuration rather than from SSH itself. An attacker can simply open new connections, so on an Internet-facing server combine this with key-based authentication or with tooling that blocks addresses after repeated failures.

Therefore, use sftp or scp instead of ftp whenever security matters. Both run over SSH, so they need nothing more than an SSH account on the server, though they are command-line tools and a little more technical than a typical FTP client.

Limit access to root via sudoers (experts only)

This may not be applicable to your distribution. Please check with your distribution documentation before proceeding. See also man sudoers for the full documentation.

You can use the /etc/sudoers file to decide which users may run commands as root through sudo. Edit it with visudo rather than directly, because visudo checks the syntax before saving, and a broken sudoers file stops sudo from working at all. First set up one or more specific users with sudo rights, confirm in a separate session that sudo works for them, and only then lock the root password with the command:

sudo passwd -l root

This locks the password only; the root account itself remains. Once it is locked, su to root no longer works, so use sudo -i when you need a root shell.
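The procedure above, as an added example that is not part of the original page: it grants one named account sudo rights through a validated drop-in under /etc/sudoers.d, checks that /etc/sudoers actually includes that directory, and refuses to lock the root password until the account has a working path to root. The function names, the use of a drop-in file instead of editing /etc/sudoers directly, and the file and user parameters (present so the checks can be tried against copies) are this example's own; the sudoers syntax, visudo and passwd are the system's.

```shell
#!/bin/sh
# Added example (not from the original page): grant one named account the
# right to run commands as root through a validated /etc/sudoers.d drop-in,
# and lock the root password only once that account can actually use sudo.
# Paths, the user name and the group file are parameters so the checks can
# be tried against copies before touching the real system.

# sudoers_rule USER: the rule text. No NOPASSWD tag, so sudo keeps asking for
# the user's own password; (ALL:ALL) allows any target user and group.
sudoers_rule() {
  printf '%s ALL=(ALL:ALL) ALL\n' "$1"
}

# sudoers_includes_dir SUDOERS DIR: true if SUDOERS pulls in drop-in files
# from DIR. Without that line nothing in the directory is ever read. Old sudo
# releases write the directive as #includedir, newer ones as @includedir.
sudoers_includes_dir() {
  grep -E -q "^[[:space:]]*[#@]includedir[[:space:]]+$2[[:space:]]*$" "$1"
}

# install_sudoers_dropin USER [DIR]: write DIR/USER with the 0440 mode sudo
# insists on, after checking the syntax with visudo when it is available.
# A syntax error in any included file makes sudo refuse to run at all, which
# together with a locked root password leaves nobody able to administer the
# machine. The file is built under a name containing a dot, which sudo
# ignores, so a half-written rule is never picked up.
install_sudoers_dropin() {
  user=$1 dir=${2:-/etc/sudoers.d}
  out="$dir/$user"
  sudoers_rule "$user" > "$out.tmp" && chmod 0440 "$out.tmp" || return 1
  if command -v visudo >/dev/null 2>&1; then
    visudo -cf "$out.tmp" >/dev/null || { rm -f "$out.tmp"; return 1; }
  fi
  mv "$out.tmp" "$out"
}

# admin_users [GROUPFILE]: members of the wheel or sudo group; distributions
# use one or the other as the group that sudoers grants root to.
admin_users() {
  awk -F: '($1 == "wheel" || $1 == "sudo") && $4 != "" {
             n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "${1:-/etc/group}"
}

# root_lock_is_safe USER [GROUPFILE] [DIR]: true if USER has a path to root
# via sudo, either through group membership or through a drop-in of their own.
root_lock_is_safe() {
  admin_users "${2:-/etc/group}" | grep -qxF "$1" && return 0
  [ -f "${3:-/etc/sudoers.d}/$1" ]
}

# lock_root USER: the page's "sudo passwd -l root", guarded by the check above.
# Only the password is locked; the account stays, since it owns the system.
# Afterwards "su" to root fails and "sudo -i" is the way to a root shell.
lock_root() {
  if ! root_lock_is_safe "$1"; then
    echo "refusing to lock root: $1 cannot obtain root via sudo" >&2
    return 1
  fi
  passwd -l root
}

# Typical use, as root, after confirming in a second session that "sudo -v"
# succeeds for the new administrator:
#   install_sudoers_dropin alice && lock_root alice
```

Keep a root session open until you have logged in as the new user in another terminal and run sudo -v there; if that fails, the root password is still usable and you can fix the rule.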

Securing PermitRootLogin (experts only)

This may not be applicable to your distribution. Please check with your distribution documentation before proceeding.

Changing the value

To stop anyone on the Internet from even attempting to log in as root, you can change a setting in the SSH server configuration so that root cannot log in directly: you first log in as an ordinary user and then switch to root with su. The advantage of this approach is that an attacker needs to know two things, a valid username with its password and the root password, and root, the one account name every Linux system has, can no longer be attacked by name over SSH.

The SSH configuration file is found here:

/etc/ssh/sshd_config

In this file, change the value of PermitRootLogin from yes to no, then restart the SSH server. (OpenSSH also accepts prohibit-password, which refuses root's password but still lets root log in with an SSH key, and forced-commands-only.) Make sure the line is not inside a Match block and that no earlier PermitRootLogin line exists, because sshd uses the first value it finds for a keyword. Then, as root in a terminal, type:

/etc/rc.d/init.d/sshd restart

That path is the SysV init script used on Red Hat-style systems; on a distribution that uses systemd the equivalent is systemctl restart sshd (the service is called ssh on Debian and Ubuntu). Keep your current session open and confirm that a fresh login as an ordinary user still works before you close it.
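The edit-and-restart step above, as an added example that is not part of the original page. It sets PermitRootLogin no in the global section of sshd_config (before any Match block, and removing earlier copies, since sshd honours the first occurrence of a keyword), validates the file with sshd -t before restarting, and picks the restart command by init system. The function names, the backup file naming and the --apply guard are this example's own; the sshd_config keywords and the sshd flags are OpenSSH's.

```shell
#!/bin/sh
# Added example (not from the original page): set PermitRootLogin no in
# sshd_config the way the page describes, with the checks that make the
# change safe to apply over a remote session. Function names and backup
# naming are this example's own; keywords and sshd flags are OpenSSH's.

# effective_sshd_option FILE KEY: the value sshd will use. sshd_config(5)
# takes the FIRST active occurrence of a keyword, so a "PermitRootLogin no"
# appended at the bottom never overrides an earlier "PermitRootLogin yes".
# Global settings also end at the first Match block.
effective_sshd_option() {
  awk -v key="$2" '
    { gsub(/=/, " ") }                       # accept Key=value as well as Key value
    /^[ \t]*#/ || NF == 0 { next }           # comments and blank lines
    tolower($1) == "match" { exit }          # global section is over
    tolower($1) == tolower(key) { print $2; exit }
  ' "$1"
}

# set_sshd_option FILE KEY VALUE: remove every active or commented-out line
# for KEY and write exactly one "KEY VALUE" line in the global section,
# before any Match block, so the effective value is the one you set.
set_sshd_option() {
  file=$1 key=$2 value=$3
  tmp=$(mktemp) || return 1
  awk -v key="$key" -v val="$value" '
    tolower($0) ~ "^[ \t]*#?[ \t]*" tolower(key) "([ \t]|=|$)" { next }
    !done && tolower($1) == "match" { print key " " val; done = 1 }
    { print }
    END { if (!done) print key " " val }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file's owner and mode
  rc=$?
  rm -f "$tmp"
  return $rc
}

# harden_sshd [FILE]: back up, edit, validate, restart. Run as root and keep
# your existing session open: only after a fresh login as an ordinary user
# succeeds (and "ssh root@host" is refused) should you log out of it.
harden_sshd() {
  cfg=${1:-/etc/ssh/sshd_config}
  cp -p "$cfg" "$cfg.bak.$(date +%Y%m%d%H%M%S)" || return 1
  set_sshd_option "$cfg" PermitRootLogin no || return 1
  # Never restart on an unchecked file: sshd -t parses it without starting a
  # server, and a syntax error would otherwise leave sshd down and you locked out.
  sshd -t -f "$cfg" || { echo "$cfg is invalid, not restarting" >&2; return 1; }
  # The page's /etc/rc.d/init.d/sshd is the SysV script on Red Hat-style
  # systems; systemd distributions use systemctl (the unit is "ssh" on Debian
  # and Ubuntu, "sshd" elsewhere).
  if command -v systemctl >/dev/null 2>&1; then
    systemctl restart sshd 2>/dev/null || systemctl restart ssh
  elif [ -x /etc/rc.d/init.d/sshd ]; then
    /etc/rc.d/init.d/sshd restart
  else
    service sshd restart
  fi
}

# Apply for real only when explicitly asked and running as root.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
  harden_sshd
fi
```

Run effective_sshd_option against your own file before and after the change; the first-occurrence rule is the usual reason a hand-appended PermitRootLogin no appears to do nothing. Where sshd -T is available it prints the effective configuration directly and is the authoritative check.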

New logging in procedure for "root"

If PermitRootLogin is set to no, or is left unset on an OpenSSH release that refuses root password logins by default (7.0 and later default to prohibit-password), then to obtain root you log in as an ordinary user and, once connected, type:

su

You will still need the root password, of course. If you locked it as described in the sudoers section above, su will fail, and sudo -i is the way to a root shell.

Last modified: 10/27/2007 at 15:59 by Ryan Anderson