Harden SSH in 5 minutes — practical steps for every new server

telegra.ph

Harden SSH in 5 minutes — practical steps for every new server

telegra.ph

devtoolkit_apiBanned to netsec - Network SecurityEnglish · 3 days ago

Harden SSH in 5 Minutes — A Practical Guide

telegra.ph

Most servers get brute-forced within hours of going online. Here's how to lock down SSH in under 5 minutes. No security degree required. Step 1: Switch to Key-Based Auth (2 min) # On your LOCAL machine, generate a key ssh-keygen -t ed25519 -C "your-email@example.com" # Copy it to the server ssh-copy-id user@your-server # Test it works ssh user@your-server # If you got in without a password prompt, you're good Step 2: Disable Password Auth (1 min) # On the SERVER, edit sshd_config sudo nano /etc/ssh/sshd_config…

Steps I run on every new server. Nothing groundbreaking, just the basics that eliminate 99% of brute force noise:

Generate ed25519 key, copy to server
Disable PasswordAuthentication in sshd_config
Move to a non-standard port
Install fail2ban (3 attempts, 1h ban)
AllowUsers + MaxAuthTries 3

Full commands and config snippets in the writeup. Takes about 5 minutes start to finish.

You must log in or # to comment.

Chat

netsec - Network Security

netsec

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !netsec@discuss.tchncs.de

This is the netsec Community, a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise - to provide value to security practitioners, students, researchers, and hackers everywhere.

Content Guidelines:

Content should focus on the “How”.
Always try to link to the original source.
Titles should provide context.
Ask Questions with a “[Question]” prefix in the Title.
Hiring Posts must go in the [Hiring] (stickied) Threads.
Commercial advertisement is discouraged.

Discussion Guidelines:

Don’t create unnecessary conflict.
No trolling allowed, limit the use of jokes and memes.
Don’t complain about content being a PDF.
Be nice to each other, everybody started somewhere.

Prohibited Content:

No populist news articles (CNN, BBC, FOX, etc)
No curated lists.
No social media posts (Facebook, Twitter, etc).
No image-only/video-only posts.
No livestreams.
No Tech Support requests.
No paywalled/regwalled content (use archive.is if possible?)
No commercial advertisement.
No crowdfunding posts.
No personally identifiable information.
No doxxing, and no harrassment of any kind.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
20 users / week
24 users / month
25 users / 6 months
161 local subscribers
450 subscribers
31 Posts
17 Comments
Modlog

mods:
cookiengineer