Hardening Access to Your Server | Linux Security Tutorial

31 Comments



In this tutorial, we’ll go over how to harden your Linux server against unauthorized access. With these basic security practices in place, your server will be more secure from outside attacks.

Chapters:
0:00 – Intro
0:41 – Updating Your System
4:34 – Using Automatic Updates
6:20 – Add a Limited User Account
10:22 – Harden SSH Access
16:12 – Remove Unused Ports
17:57 – Outro

New to Linode? Get started here with a $100 credit → https://www.linode.com/linodetube
Read the doc for more information on Securing Your Server→ https://www.linode.com/docs/guides/securing-your-server/
Learn more about Security→ https://www.linode.com/docs/guides/security
Subscribe to get notified of new episodes as they come out → https://www.youtube.com/linode?sub_confirmation=1

#Security #Linode #ServerSecurity #Linux
Product: Linode, Server Security, Linux; Jay LaCroix;

source

31 Comments
    • blank
      Frank Macias
      May 09, 2022 19:33 pm Reply

      is there a part 2?

    • blank
      Karl GimmeDatForFree Marx
      May 09, 2022 19:33 pm Reply

      No Fail2Ban?

    • blank
      jeffrey schlieve
      May 09, 2022 19:33 pm Reply

      The video was great, I have one issue, I use SecureCRT and windows. is there a way to transfer the key with Secure CRT? I was not able to run the same commands from the windows dos prompt.

    • blank
      elvan göktepe
      May 09, 2022 19:33 pm Reply

      Hi thank you for this video. But i think i made something wrong while adding my user to sudo. Because it was writing "permitAsRoot Yes" I mean i couldnt locked ssh. How can i fix it? Thank you

    • blank
      Kamran İbrahimov
      May 09, 2022 19:33 pm Reply

      At 15:40, I am asked a password and then every time I get permission denied. Which password should I enter there? After multiple attempts, I get "Permission denied (publickey,password)" error.

    • blank
      Michael Jasperson
      May 09, 2022 19:33 pm Reply

      Really great stuff! I was able to set it up by myself and it feels soooooooooo gooood 😀 Thanks a lot for making those available!

    • blank
      Ben Gehring
      May 09, 2022 19:33 pm Reply

      In the group video, you show adding AllowGroups to the /etc/ssh/sshd_config file. What's the difference between that and using the -s flag when creating a user?

    • blank
      Dead Avenger
      May 09, 2022 19:33 pm Reply

      will unattended-upgrades upgrade packages like django and postgres? I don't want this to happen because it could break my application.

    • blank
      Bhakta Das
      May 09, 2022 19:33 pm Reply

      Love from India, Great Help

    • blank
      iLearnCode
      May 09, 2022 19:33 pm Reply

      They are pronounced "etsy" and "soo doo"? My life has been a lie. Also, why even within the same distro are there DIFFERENT instructions to do things? Ive been using "apt upgrade -yes" to upgrade, but here it is "apt dist-upgrade". Also, useradd AND adduser? Is that an inside joke at Linux Inc?

    • blank
      Ciro Ivan
      May 09, 2022 19:33 pm Reply

      Still waiting to see how to prevent ssh login without certificate

    • blank
      cmdaltctr
      May 09, 2022 19:33 pm Reply

      Thank you for this, you are a great teacher. Will there be video on setting up firewall?

    • blank
      Timothy Chng
      May 09, 2022 19:33 pm Reply

      not a tutorial to get you to Sys Admin level, would like to see that

    • blank
      XeonCode
      May 09, 2022 19:33 pm Reply

      very useful tutorial. thank you. but i have a question. when we use SSH keys to login our Linux server , how can we have sftp connection and transfer files from / to our server ?

    • blank
      Danny Mexen
      May 09, 2022 19:33 pm Reply

      Very helpful, thank you.

    • blank
      CJ T
      May 09, 2022 19:33 pm Reply

      I am so happy to see Jay on Linode channel. I started using Linode a year ago with his promo link, and I really like it. Going to set up more instance this year😍

    • blank
      Wellington Mendes
      May 09, 2022 19:33 pm Reply

      Very Nice. Greetings from Brazil.

    • blank
      Devasangeeth AC
      May 09, 2022 19:33 pm Reply

      What is the purpose of adding a second user other than root? is the root account doesn't need an SSH Key,? Can we create ssh keys for the root user and second user on a same local system?

    • blank
      Tanveer Salim
      May 09, 2022 19:33 pm Reply

      I personally like how Linode is featuring some of my favorite Youtubers. Wolfgang was also featured on Linode's channel. Thanks Linode!

    • blank
      rostranj
      May 09, 2022 19:33 pm Reply

      when I `$ exit ` it switches back to root and does not logged out. I also have to prepend the user with `@` and the ip address to log in. I can't log in just ssh and ip address… the latter after setting up ssh and testing on another terminal tab that it works the former right in the beginning when we first log out.

    • blank
      9/11 ruined Brendan Fraser’s career
      May 09, 2022 19:33 pm Reply

      I have been through every guide and cannot figure out why its still prompting me for password entry. I'm accessing a linode that runs on ubuntu 18.04 LTS from my local device (laptop) using an ubuntu 20.04 LTS terminal.

      I follow your steps exactly and it does not work.
      I follow your steps exactly + going into /etc/ssh/sshd_config and deleting "#" next to "PubKeyAuthentication yes" and deleting the "#" next to "PasswordAuthentication no" to enable the lines then save, exit log back in and it still prompts me for a password.

      My starting user in my laptop terminal is <MicrosoftUser>@<DeviceName> so I enter ssh root@<linodeIP> and it prompts for password. Do I need to copy the public key to my local device as well?

    • blank
      Lafayette
      May 09, 2022 19:33 pm Reply

      I've gone through this multiple times but can't figure out why mine only switch between root and my user@localhost, whereas yours has jay@webserver and jay@laptop. Whether that's relevant I do not know, but I get to the key and up to the point where you ssh into the linode is the same, but I still have to enter a password. I'm sure there's a detail I missing if my result is different but I'm at a complete loss.

    • blank
      Radoslav Ivanov
      May 09, 2022 19:33 pm Reply

      Really Great and Useful Video! Thank you Linode!

    • blank
      Hans Kinsella
      May 09, 2022 19:33 pm Reply

      Great video, really helpful content.

    • blank
      T.S.K
      May 09, 2022 19:33 pm Reply

      Thank you for this video.

    • blank
      Emanuel Faísca
      May 09, 2022 19:33 pm Reply

      Great Video! Thank you for this. Can you do one about firewall configuration.

    • blank
      Tech Tips
      May 09, 2022 19:33 pm Reply

      How to do hardening via ansible play book

    • blank
      Cybersoul
      May 09, 2022 19:33 pm Reply

      I am forever subscribed ! Thank you for this!! Please keep it up :)))

    • blank
      latlov
      May 09, 2022 19:33 pm Reply

      5:00 One question concerning "automatic upgrades". Will the system reboot automatically? or do we still have to reboot it ourselves? What if automatic rebooting, as a result of unattended-upgrades, affects the web applications or containers?

    • blank
      latlov
      May 09, 2022 19:33 pm Reply

      5:00 Automatic updates with:
      $ apt install unattended-upgrades
      $ dpkg-reconfigure –priority-low unattended-upgrades
      6:08 Confirm usage of unattended-upgrades
      7:00 Create a new user
      7:37 # ls /home
      7:43 # cat /etc/passwd
      7:55 Check whether sudo is installed or not: # which sudo
      8:20 visudo
      8:30 Make that new user a member of either those two groups (sudo or admin)
      9:10 Otherwise # usermod -aG [sudo,admin,wheel] userName
      9:36 # groups userName
      9:52 Make sure that sudo works: # su – userName
      10:02 Make sure sudo actually works: $ sudo apt update
      14:23 allowUsers user1 user2 etc
      15:15 $ sudo systemctl restart sshd
      16:20 List all ports that are actually listening for outside connections $ sudo ss -atpu
      17:20 $ sudo apt remove postfix

    • blank
      Bili Ch
      May 09, 2022 19:33 pm Reply

      Hi, I got a problem, when I try to access as you at 15:40 I can't access, ask me for a password, Wich I don't know what's the password
      ssh "ip address"
      "my user"@"linode-ip's password"
      I followed all your steps what can I do?

Leave us a comment