XZ

Xiao Z's blog

Learn, build, share

Enhancing Linux Server Login Security: Essential Hardening Steps

linux server securityssh hardeningdisable root loginssh key authenticationserver best practices
Published·Modified·

Linux operating systems are widely used in the server field, and security issues cannot be overlooked. Every day, there are scans, injections, and attacks on the network. As the first line of defense for Linux, "login" is crucial.

Linux Server

1. Change the SSH Port

Linux systems use port 22 for SSH by default. However, the default port is very easy to scan or brute-force, so changing it to a less guessable port is necessary. If you do not know how to change the SSH port, please refer to: How to Change SSH Port on Linux.

2. Disable Root Login

The root user is at the top level in the Linux system. Once a hacker obtains your server's root permissions, the consequences are unimaginable. We can create a new ordinary user and then disable the root user from logging in. The general steps are as follows:

# Create a new user named hixz
useradd hixz
# Set a password for hixz
passwd hixz
# Modify the SSH configuration file
vi /etc/ssh/sshd_config
# Change PermitRootLogin yes to PermitRootLogin no, or comment out this line
# Restart the SSH service
service sshd restart

Modifying the configuration file requires root user privileges. After completion, the root user will not be able to log in. Use an ordinary user (e.g., hixz) to log in instead. If certain operations require root permissions, you can switch to root using su - or use the sudo command.

3. Use Key-Based Login

If you feel this is not secure enough, you can further configure key-based login. For specific steps, please refer to the article in XiaoZ Blog's FAQ: Linux Configure Key-Based Login.

4. Other Recommendations

Even if the login settings are secure, neglecting daily usage habits can still lead to failure. Therefore, developing good usage habits is also very important.

  • Do not execute third-party scripts from unknown sources.
  • Do not arbitrarily transfer server permissions to others.
  • Do not overly rely on automatic backups provided by IDC providers; regularly backing up your own data is also very important.
  • Timely check and fix server and program vulnerabilities.
  • Set complex and secure passwords.
  • Others, welcome to supplement.