Login Security for Linux Servers
Publish: 2017-03-25 | Modify: 2017-03-25
Linux Operating System and Server Security
1. Change SSH Port
By default, Linux systems use port 22 for SSH connections. However, this default port is easily scanned or subjected to brute force attacks. It is highly recommended to change the SSH port to a less predictable number. If you are unsure how to change the SSH port, please refer to the following guide: How to Change SSH Port in Linux
2. Disable Root Login
The root user in Linux systems has god-like privileges. If a hacker gains root access to your server, the consequences can be devastating. To mitigate this risk, it is advised to create a regular user account and disable root login. Here are the general steps:
# Create a new user "hixz"
useradd hixz
# Set a password for the user "hixz"
passwd hixz
# Modify the SSH configuration file
vi /etc/ssh/sshd_config
# Change "PermitRootLogin yes" to "PermitRootLogin no" or comment out this line
# Restart the SSH service
service sshd restartModifying the configuration file requires root privileges. After completing the steps, the root user will no longer be able to log in. You can now log in using the regular user account (hixz). If specific operations require root privileges, you can switch to the root user using su - or use the sudo command.
3. Use Key-Based Authentication
If you still find the above measures insufficient, you can further enhance security by setting up key-based authentication. For detailed instructions, you can refer to the following article in the FAQ section of XiaoZ's blog: How to Configure Key-Based Authentication in Linux
4. Other Recommendations
While securing the login process is crucial, it is equally important to cultivate good security habits in everyday usage. Here are some additional recommendations:
- Avoid executing third-party scripts from unknown sources.
- Do not delegate server privileges to others without proper authorization.
- Do not overly rely on automatic backups provided by hosting providers. Regularly backup your data independently.
- Promptly check and patch server and software vulnerabilities.
- Use complex and secure passwords.
- Feel free to add any other recommendations.
Remember, maintaining a secure server environment requires a combination of preventive measures, best practices, and regular security audits.
Comments
xiaoz
I come from China and I am a freelancer. I specialize in Linux operations, PHP, Golang, and front-end development. I have developed open-source projects such as Zdir, ImgURL, CCAA, and OneNav.
Random article
- Three Methods to Connect MySQL Database Locally (localhost)
- [AD] Bisheng Cloud Launches Sectigo (formerly Comodo) Free SSL Certificate
- Implementing DDNS (Dynamic DNS) using CloudXNS API
- Collection and Compilation of Common Public DNS Servers
- Exclusive Offer: Sign up for Kuacaiyun Intelligent CDN and Get 60GB Traffic for Free, Plus 30GB Monthly
- Finally Passed the Website Filing Application
- Enable TinyPNG to Compress Images for XZ Pic
- Zdir Update: Powerful and Practical Directory Listing Program
- Application Process for CIB Universal Life Debit Card, Free of Charge for the First 30 Cross-border Remittances and Telegraphic Transfers
- Installing Apache Bench on CentOS for Website Stress Testing