Introduction
This article introduces the steps on how to secure a Linux server.
1 Keep the Linux Kernel and software updated.
2 Change password regularly.
3 Change SSH port
4 Enable the Firewall service and block unused ports.
5 Use SSH key Instead of the password to log in to the Linux server
1 Keep the Linux Kernel and software updated
An important step of securing the system is to install system patches in time.
Linux provides many necessary tools and methods to ensure the update of the system, and all security updates should be implemented as soon as possible.
Centos: yum update
Ubuntu: apt-get update && apt-get upgrade2 Change password regularly
Please check and change your login password regularly, and try to use a strong password as much as possible.
3 Change SSH port
Please refer to How to Change the SSH Port.
4 Enable the Firewall service and block unused ports
5 Use SSH key Instead of the password to log into the Linux server
-
Disable SSH password authentication.
-
Restrict root from logging in remotely.
Run the command "vi /etc/ssh/sshd_config" and ensure these lines:
PasswordAuthentication yes
PermitRootLogin yeslook like this:
PasswordAuthentication no
PermitRootLogin noRestart the SSH service to enable your changes. Note that it is a good idea to have two active connections to your server before restarting the SSH server.
Having that extra connection allows you to fix anything should the restart go wrong.
$ sudo service sshd restartAbout how to SSH to Linux server via Public Key Authentication, please refer to this How to SSH to Linux Server via Public Key Authentication
