Linux server configuration
Guide for setting up and securing a linux server
π Generating SSH key
SSH keys are way more secure and practical than passwords. Follow the instructions below based on your preferred OS.
Start by downloading PuTTYgen. Open puttygen.exe and change number of bits from 2048 to 4096 and click Generate. This will generate a more secure SSH key.
Once you generate the SSH key, click on Save private key, when prompted about password, click Yes to ignore the warning. Once you saved your private key make sure to copy the public key block and save it somewhere, we'll be using it later on in the guide.
To generate SSH key in linux simply execute a command
ssh-keygen -t rsa -b 4096You'll be asked to enter a file name and a password, press enter to use the default name and no password. You have now generated public and private keys in your home directory inside .ssh folder.
π¨βπ§ Configuring a new user
One of the steps to securing your linux server is by never using root user in production. To accomplish this we'll need to create and configure a new user!
Creating a new user
Once you have logged into your newly installed linux server start by creating a new user with a good password when prompted. When asked for anything else, simply press enter to leave it empty.
sudo adduser YOUR_USERAdd the newly created user to sudo group.
adduser YOUR_USER sudoNow you can login into your new user by executing.
sudo su YOUR_USERAdding newly creating user to sudoers file and disabling password for sudo command.
sudo visudoOnce you've entered the file, paste your user definition at the very bottom, save and quit.
Switch to user you just created
Adding SSH key
Once you have logged we'll make sure you're inside your home directory, then create .ssh folder, move into it and create authorized_keysfile.
You can use any other preferred editor other than vim, like nano or similar. Paste your public key you generated earlier. Save and quit.
π» Configuring SSH keys for your terminal
Pick you preferred terminal and follow the steps, if you're using windows it's recommended to use Windows Terminal
Once you add your session in PuTTY, navigate to Auth tab under Connection/SSH. Select Browse and find your private SSH key you generated earlier. Go back to Session tab and select Save.
Once you configured your terminal to use SSH key, it's time to test if you're able to connect to your server! If you were able to connect successfully, you can now proceed with securing your server section!
π Securing your server
Simple changes like disabling password authentication will greatly increase security and will render brute force attacks by bots useless.
Disabling password authentication
To disable password we'll have to edit a config file
Find option called PasswordAuthentication either uncomment it or change the value from yes to no, save and quit. Restart ssh service to apply the changes
Limit su access
Limiting su (switch user) command will improve server security by limiting attacker's attack surface. This is as simple as editting an option in config. Uncomment auth required pam_wheel.so and you're done! Save and quit
Last updated