SSH security hardening: Protecting the Linux SysOps environment from attacks
Introduction:
Secure Shell (SSH) is a method widely used in remote management and file transfer. and secure transmission protocols. However, since SSH is often the target of hackers, it is very important to securely harden your SSH server. This article will introduce some practical methods to help SysOps (system operation and maintenance) personnel harden and protect their Linux environment from SSH attacks.
1. Disable SSH ROOT login
SSH ROOT login is one of the most popular targets for hackers. Hackers can use brute force cracking or attacks against known SSH vulnerabilities to gain administrator privileges through SSH ROOT login. To prevent this from happening, disabling SSH ROOT login is a very important step.
In the SSH configuration file (usually /etc/ssh/sshd_config), find the "PermitRootLogin" option, change its value to "no", and then restart the SSH service. The modified configuration is as follows:
PermitRootLogin no
2. Use SSH key authentication
SSH key authentication uses an asymmetric encryption algorithm, which is better than traditional password-based authentication. safer. When using SSH key authentication, the user needs to generate a pair of keys, the public key is stored on the server, and the private key is stored on the client. When a user logs in, the server confirms the user's identity by verifying the correctness of the public key.
Method to generate SSH keys:
After completing the above steps, you can disable password login and only allow key login. In the SSH configuration file, change the "PasswordAuthentication" option to "no", and then restart the SSH service.
PasswordAuthentication no
3. Change the SSH port
By default, the SSH server listens on port 22. Since this port is public, it is vulnerable to brute force or port scanning. To improve security, we can change the listening port of the SSH server.
In the SSH configuration file, find the "Port" option and set it to an unconventional port number, such as 2222. Remember to restart the SSH service.
Port 2222
4. Use a firewall to restrict SSH access
Configuring a firewall is one of the important steps to protect the server. By using a firewall, we can restrict SSH access to only specific IP addresses or ranges of IP addresses.
Using iptables firewall, you can execute the following command to restrict SSH access:
sudo iptables -A INPUT -p tcp --dport 2222 -s IP address allowed to access -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 2222 -j DROP
The above command allows the specified IP address to access SSH and blocks access from all other IP addresses. Remember to save and apply the firewall rules.
5. Use Fail2Ban to automatically block malicious IPs
Fail2Ban is a tool that can automatically monitor log files and block malicious behaviors. By monitoring failed SSH logins, Fail2Ban can automatically block attacker IP addresses.
After installing Fail2Ban, open its configuration file (usually /etc/fail2ban/jail.conf) and perform the following configuration:
[sshd]
enabled = true
port = 2222
filter = sshd
maxretry = 3
findtime = 600
bantime = 3600
The above configuration means that if an IP address attempts SSH login for more than 10 minutes 3 times, it will be automatically blocked for 1 hour. After the configuration is complete, restart the Fail2Ban service.
Summary:
By disabling SSH ROOT login, using SSH key authentication, changing SSH ports, using firewalls to limit SSH access, and using Fail2Ban, we can effectively harden and protect the Linux SysOps environment from SSH attack. The above are some practical methods that SysOps personnel can use to select appropriate security measures and implement them according to the actual situation. At the same time, regularly updating and monitoring the software and patches on the server is also key to protecting the server from attacks. Only by remaining vigilant and taking appropriate security measures can we ensure the security of our Linux environment.
The above is the detailed content of SSH Security Hardening: Protecting Linux SysOps Environments from Attacks. For more information, please follow other related articles on the PHP Chinese website!