Hardening Access to Your Server | Linux Security Tutorial
In this tutorial, we’ll go over how to harden your Linux server against unauthorized access. With these basic security practices in place, your server will be more secure from outside attacks.
Chapters:
0:00 – Intro
0:41 – Updating Your System
4:34 – Using Automatic Updates
6:20 – Add a Limited User Account
10:22 – Harden SSH Access
16:12 – Remove Unused Ports
17:57 – Outro
New to Linode? Get started here with a $100 credit → https://www.linode.com/linodetube
Read the doc for more information on Securing Your Server→ https://www.linode.com/docs/guides/securing-your-server/
Learn more about Security→ https://www.linode.com/docs/guides/security
Subscribe to get notified of new episodes as they come out → https://www.youtube.com/linode?sub_confirmation=1
#Security #Linode #ServerSecurity #Linux
Product: Linode, Server Security, Linux; Jay LaCroix;
source
31 Comments
Frank Macias
May 09, 2022 19:33 pmis there a part 2?
Karl GimmeDatForFree Marx
May 09, 2022 19:33 pmNo Fail2Ban?
jeffrey schlieve
May 09, 2022 19:33 pmThe video was great, I have one issue, I use SecureCRT and windows. is there a way to transfer the key with Secure CRT? I was not able to run the same commands from the windows dos prompt.
elvan göktepe
May 09, 2022 19:33 pmHi thank you for this video. But i think i made something wrong while adding my user to sudo. Because it was writing "permitAsRoot Yes" I mean i couldnt locked ssh. How can i fix it? Thank you
Kamran İbrahimov
May 09, 2022 19:33 pmAt 15:40, I am asked a password and then every time I get permission denied. Which password should I enter there? After multiple attempts, I get "Permission denied (publickey,password)" error.
Michael Jasperson
May 09, 2022 19:33 pmReally great stuff! I was able to set it up by myself and it feels soooooooooo gooood 😀 Thanks a lot for making those available!
Ben Gehring
May 09, 2022 19:33 pmIn the group video, you show adding AllowGroups to the /etc/ssh/sshd_config file. What's the difference between that and using the -s flag when creating a user?
Dead Avenger
May 09, 2022 19:33 pmwill unattended-upgrades upgrade packages like django and postgres? I don't want this to happen because it could break my application.
Bhakta Das
May 09, 2022 19:33 pmLove from India, Great Help
iLearnCode
May 09, 2022 19:33 pmThey are pronounced "etsy" and "soo doo"? My life has been a lie. Also, why even within the same distro are there DIFFERENT instructions to do things? Ive been using "apt upgrade -yes" to upgrade, but here it is "apt dist-upgrade". Also, useradd AND adduser? Is that an inside joke at Linux Inc?
Ciro Ivan
May 09, 2022 19:33 pmStill waiting to see how to prevent ssh login without certificate
cmdaltctr
May 09, 2022 19:33 pmThank you for this, you are a great teacher. Will there be video on setting up firewall?
Timothy Chng
May 09, 2022 19:33 pmnot a tutorial to get you to Sys Admin level, would like to see that
XeonCode
May 09, 2022 19:33 pmvery useful tutorial. thank you. but i have a question. when we use SSH keys to login our Linux server , how can we have sftp connection and transfer files from / to our server ?
Danny Mexen
May 09, 2022 19:33 pmVery helpful, thank you.
CJ T
May 09, 2022 19:33 pmI am so happy to see Jay on Linode channel. I started using Linode a year ago with his promo link, and I really like it. Going to set up more instance this year😍
Wellington Mendes
May 09, 2022 19:33 pmVery Nice. Greetings from Brazil.
Devasangeeth AC
May 09, 2022 19:33 pmWhat is the purpose of adding a second user other than root? is the root account doesn't need an SSH Key,? Can we create ssh keys for the root user and second user on a same local system?
Tanveer Salim
May 09, 2022 19:33 pmI personally like how Linode is featuring some of my favorite Youtubers. Wolfgang was also featured on Linode's channel. Thanks Linode!
rostranj
May 09, 2022 19:33 pmwhen I `$ exit ` it switches back to root and does not logged out. I also have to prepend the user with `@` and the ip address to log in. I can't log in just ssh and ip address… the latter after setting up ssh and testing on another terminal tab that it works the former right in the beginning when we first log out.
9/11 ruined Brendan Fraser’s career
May 09, 2022 19:33 pmI have been through every guide and cannot figure out why its still prompting me for password entry. I'm accessing a linode that runs on ubuntu 18.04 LTS from my local device (laptop) using an ubuntu 20.04 LTS terminal.
I follow your steps exactly and it does not work.
I follow your steps exactly + going into /etc/ssh/sshd_config and deleting "#" next to "PubKeyAuthentication yes" and deleting the "#" next to "PasswordAuthentication no" to enable the lines then save, exit log back in and it still prompts me for a password.
My starting user in my laptop terminal is <MicrosoftUser>@<DeviceName> so I enter ssh root@<linodeIP> and it prompts for password. Do I need to copy the public key to my local device as well?
Lafayette
May 09, 2022 19:33 pmI've gone through this multiple times but can't figure out why mine only switch between root and my user@localhost, whereas yours has jay@webserver and jay@laptop. Whether that's relevant I do not know, but I get to the key and up to the point where you ssh into the linode is the same, but I still have to enter a password. I'm sure there's a detail I missing if my result is different but I'm at a complete loss.
Radoslav Ivanov
May 09, 2022 19:33 pmReally Great and Useful Video! Thank you Linode!
Hans Kinsella
May 09, 2022 19:33 pmGreat video, really helpful content.
T.S.K
May 09, 2022 19:33 pmThank you for this video.
Emanuel Faísca
May 09, 2022 19:33 pmGreat Video! Thank you for this. Can you do one about firewall configuration.
Tech Tips
May 09, 2022 19:33 pmHow to do hardening via ansible play book
Cybersoul
May 09, 2022 19:33 pmI am forever subscribed ! Thank you for this!! Please keep it up :)))
latlov
May 09, 2022 19:33 pm5:00 One question concerning "automatic upgrades". Will the system reboot automatically? or do we still have to reboot it ourselves? What if automatic rebooting, as a result of unattended-upgrades, affects the web applications or containers?
latlov
May 09, 2022 19:33 pm5:00 Automatic updates with:
$ apt install unattended-upgrades
$ dpkg-reconfigure –priority-low unattended-upgrades
6:08 Confirm usage of unattended-upgrades
7:00 Create a new user
7:37 # ls /home
7:43 # cat /etc/passwd
7:55 Check whether sudo is installed or not: # which sudo
8:20 visudo
8:30 Make that new user a member of either those two groups (sudo or admin)
9:10 Otherwise # usermod -aG [sudo,admin,wheel] userName
9:36 # groups userName
9:52 Make sure that sudo works: # su – userName
10:02 Make sure sudo actually works: $ sudo apt update
14:23 allowUsers user1 user2 etc
15:15 $ sudo systemctl restart sshd
16:20 List all ports that are actually listening for outside connections $ sudo ss -atpu
17:20 $ sudo apt remove postfix
Bili Ch
May 09, 2022 19:33 pmHi, I got a problem, when I try to access as you at 15:40 I can't access, ask me for a password, Wich I don't know what's the password
ssh "ip address"
"my user"@"linode-ip's password"
I followed all your steps what can I do?