Recommended installs

sudo apt update -yq && sudo apt upgrade -y && sudo apt install nginx fail2ban htop supervisor screen iptables-persistent mc -y
  • nginx – reverse proxy
  • fail2ban – scans logs and bans IP addresses after failed password attempts
  • htop – pretty process viewer
  • supervisor – monitors and controls applications
  • screen – manage persistent virtual terminals on server
  • iptables-persistent – automatically loads saved firewall rules from /etc/iptables/rules.v4 for IPv4 and /etc/iptables/rules.v6 for IPv6. Reload the rules with netfilter-persistent reload, then run iptables -L; you should see your rules in the output.

Disable root login

  • Log in to the server as root
    ssh root@hostname
  • Add new user
    adduser foobar
  • Add root access for your user
    visudo

    Below the line # User privilege specification, add:

    foobar     ALL=(ALL:ALL) ALL

    Save file and exit.

  • Configure ssh
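    Edit /etc/ssh/sshd_config. Add the following lines at the end of the file. sshd uses the first value it finds for each keyword, so make sure none of these options is already set earlier in the file.

    # disables root login
    PermitRootLogin no
    UseDNS no
    AllowUsers foobar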
  • Save file and exit, reload ssh
    service ssh reload

Now you should be able to log in as foobar, and not as root.
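Lines appended to sshd_config only take effect if nothing earlier in the file sets the same keyword and no Match block precedes them. The script below is an added example, not part of the original post, that checks this for the settings above; the function names effective_value and audit_sshd and the sample config are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Added example, not from the original post. sshd uses the FIRST value it reads
# for each keyword, and lines after a "Match" line belong to that Match block,
# so settings appended to the end of sshd_config can be silently ignored.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
# Assumptions: "Keyword value" syntax only; Include files are not followed.
effective_value() {
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    { sub(/^[ \t]+/, "") }              # strip leading whitespace
    /^#/ || /^$/ { next }               # skip comments and blank lines
    { key = tolower($1) }
    key == "match" { exit }             # global section ends at first Match
    key == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }   # first wins
  ' "$1"
}

# Report whether the settings from the post are in effect for user $2 in file $1.
# Runs in a subshell; exit status is 0 only if both checks pass.
audit_sshd() (
  rc=0
  v=$(effective_value "$1" PermitRootLogin)
  [ "$v" = "no" ] || { echo "PermitRootLogin is '${v:-unset}', expected 'no'"; rc=1; }
  v=$(effective_value "$1" AllowUsers)
  case " $v " in
    *" $2 "*) ;;
    *) echo "AllowUsers is '${v:-unset}', expected to list '$2'"; rc=1 ;;
  esac
  exit "$rc"
)

# Constructed sample: a stock line earlier in the file overrides the appended one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 2222
PermitRootLogin yes
PasswordAuthentication yes
# --- lines appended as in the post ---
PermitRootLogin no
UseDNS no
AllowUsers foobar
EOF

if audit_sshd "$sample" foobar; then echo "OK"; else echo "needs fixing"; fi
```

On a real server, sshd -t validates the file and sshd -T prints the configuration sshd will actually use, Include files included. Keep your current session open until a second login with the new settings succeeds.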

Change SSH port

Not necessary, but preferable as a security measure. Keeps your /var/log/auth.log less crowded with strange login attempts.

  • Edit /etc/ssh/sshd_config again.
    nano /etc/ssh/sshd_config
  • Locate line
    # Port 22
    Remove # and change 22 to another port
  • Save file and exit, reload ssh
    service ssh reload
  • Log in to your server
    ssh foobar@hostname -p <your_new_ssh_port>

Configure passwordless login

  • Create ssh key on your local machine
    ssh-keygen -t rsa
  • Create .ssh/authorized_keys on your server
    ssh foobar@hostname 'mkdir -p ~/.ssh && chmod 700 ~/.ssh && touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys'
  • Copy your ssh key directly to your server
    cat ~/.ssh/id_rsa.pub | ssh foobar@hostname 'cat >> .ssh/authorized_keys'
  • Try to log in again. The server shouldn’t require a password.

Where to from here? Maybe…

