Login Security for Linux Servers

Publish: 2017-03-25 | Modify: 2017-03-25

Linux Operating System and Server Security

linux

1. Change SSH Port

By default, Linux systems use port 22 for SSH connections. However, this default port is easily scanned or subjected to brute force attacks. It is highly recommended to change the SSH port to a less predictable number. If you are unsure how to change the SSH port, please refer to the following guide: How to Change SSH Port in Linux

2. Disable Root Login

The root user in Linux systems has god-like privileges. If a hacker gains root access to your server, the consequences can be devastating. To mitigate this risk, it is advised to create a regular user account and disable root login. Here are the general steps:

# Create a new user "hixz"
useradd hixz

# Set a password for the user "hixz"
passwd hixz

# Modify the SSH configuration file
vi /etc/ssh/sshd_config

# Change "PermitRootLogin yes" to "PermitRootLogin no" or comment out this line

# Restart the SSH service
service sshd restart

Modifying the configuration file requires root privileges. After completing the steps, the root user will no longer be able to log in. You can now log in using the regular user account (hixz). If specific operations require root privileges, you can switch to the root user using su - or use the sudo command.

3. Use Key-Based Authentication

If you still find the above measures insufficient, you can further enhance security by setting up key-based authentication. For detailed instructions, you can refer to the following article in the FAQ section of XiaoZ's blog: How to Configure Key-Based Authentication in Linux

4. Other Recommendations

While securing the login process is crucial, it is equally important to cultivate good security habits in everyday usage. Here are some additional recommendations:

  • Avoid executing third-party scripts from unknown sources.
  • Do not delegate server privileges to others without proper authorization.
  • Do not overly rely on automatic backups provided by hosting providers. Regularly backup your data independently.
  • Promptly check and patch server and software vulnerabilities.
  • Use complex and secure passwords.
  • Feel free to add any other recommendations.

Remember, maintaining a secure server environment requires a combination of preventive measures, best practices, and regular security audits.


Comments