SSH Security: Protecting Your Linux Server from Threats

Originally published at: SSH Security: Protecting Your Linux Server from Threats

As an essential tool for managing servers, SSH (Secure Shell) provides a secure way to remotely access a server’s command line. However, for best SSH security, it’s crucial to limit SSH access to specific IP addresses to reduce the risk of unauthorized access and brute force attacks. In this blog post, we’ll discuss methods to…


Great article, thanks! I would also add the “port knocking” method here.


Thanks. Yes indeed! Welcome to the forums :handshake:

Let me add that info here in the article discussion, since it comes from your suggestion:

Port knocking is a security technique that can be used to protect your server against unauthorized access. It involves opening ports on demand by “knocking” on a sequence of pre-defined ports in a specific order. Here are the steps to set up port knocking on Ubuntu:

Install the Knockd daemon:

sudo apt update ; sudo apt install knockd

Configure Knockd by editing the /etc/knockd.conf file:

sudo vi /etc/knockd.conf

In this file, you define the ports to be knocked and the command to execute when the correct sequence of ports is knocked. Here’s an example configuration:

[options]
UseSyslog

[openSSH]
sequence    = 1000,2000,3000
seq_timeout = 5
command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport xxxx -j ACCEPT
tcpflags    = syn

[closeSSH]
sequence    = 3000,2000,1000
seq_timeout = 5
command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport xxxx -j ACCEPT
tcpflags    = syn

In this example, we define two sequences: “openSSH” and “closeSSH”. When the sequence “1000,2000,3000” is knocked on the server, the command to allow incoming SSH connections on port xxxx will be executed. Conversely, when the sequence “3000,2000,1000” is knocked, the command to block incoming SSH connections on port xxxx will be executed. (Replace xxxx with your SSH port.)

Start the Knockd daemon:

sudo systemctl enable knockd
sudo systemctl start knockd

That’s it! You’ve now set up port knocking on your Ubuntu server. Please remember to test your configuration thoroughly before deploying it in a production environment.

Thanks @vintka
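To show the client side of the knockd setup described in the post above, here is a knock client written as an added example (not code from the original post or from the knockd project). It reads the server's knockd.conf to recover the [openSSH] sequence and seq_timeout, sends the knocks in order (a plain TCP connect attempt emits the SYN that knockd matches with tcpflags = syn; no answer from the closed port is needed), paces them so the whole sequence lands inside seq_timeout, and then confirms the SSH port is open by reading its version banner. The target address 203.0.113.10, the SSH port 2222 and the embedded config (the post's knockd.conf with 2222 filled in for xxxx) are constructed for the example.

```python
"""Knock client for a knockd-protected SSH port (added example)."""
import configparser
import re
import socket
import time

# Constructed sample: the post's knockd.conf with a concrete SSH port (2222).
SAMPLE_KNOCKD_CONF = """\
[options]
UseSyslog

[openSSH]
sequence    = 1000,2000,3000
seq_timeout = 5
command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 2222 -j ACCEPT
tcpflags    = syn

[closeSSH]
sequence    = 3000,2000,1000
seq_timeout = 5
command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 2222 -j ACCEPT
tcpflags    = syn
"""


def parse_knock_plan(conf_text, section="openSSH"):
    """Extract what a client needs from one knockd door section.

    knockd accepts "port:udp" / "port:tcp" items in a sequence; bare numbers
    default to tcp. The protected port is read back from the --dport argument
    of the door's command (None if the command has none).
    """
    cp = configparser.ConfigParser(allow_no_value=True,  # "UseSyslog" has no value
                                   interpolation=None)   # keep %IP% literal
    cp.read_string(conf_text)
    door = cp[section]
    sequence = []
    for item in door["sequence"].split(","):
        port, _, proto = item.strip().partition(":")
        sequence.append((int(port), (proto or "tcp").lower()))
    match = re.search(r"--dport\s+(\d+)", door.get("command", ""))
    return {
        "sequence": sequence,
        "seq_timeout": int(door["seq_timeout"]),
        "ssh_port": int(match.group(1)) if match else None,
    }


def send_knock(host, port, proto, timeout):
    """Send one knock. The knocked ports are normally closed or filtered, so a
    refused connection or a timeout is the expected outcome, not a failure."""
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(b"", (host, port))
        return
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))  # the outgoing SYN is what knockd sees
        except OSError:
            pass


def knock(host, sequence, seq_timeout):
    """Send the whole sequence inside seq_timeout.

    knockd discards a partial sequence once seq_timeout expires. A filtered
    port can consume the full connect timeout, so each knock gets an equal
    slot and the slots together cover only half the window for headroom.
    """
    slot = seq_timeout / (2 * len(sequence))
    for port, proto in sequence:
        started = time.monotonic()
        send_knock(host, port, proto, timeout=slot)
        remaining = slot - (time.monotonic() - started)
        if remaining > 0:
            time.sleep(remaining)


def ssh_banner(host, port, timeout=3.0):
    """Return the SSH version string if the port now accepts connections, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(255)
    except OSError:
        return None
    return data.decode("ascii", "replace").strip() if data.startswith(b"SSH-") else None


if __name__ == "__main__":
    host = "203.0.113.10"  # constructed address (TEST-NET-3)
    plan = parse_knock_plan(SAMPLE_KNOCKD_CONF)
    knock(host, plan["sequence"], plan["seq_timeout"])
    banner = ssh_banner(host, plan["ssh_port"])
    if banner:
        print(f"SSH open on {host}:{plan['ssh_port']}: {banner}")
    else:
        print("SSH port still closed; check knockd's syslog lines and iptables -L INPUT -n")
```

The `knock` client shipped with the knockd package does the same job from the shell (`knock 203.0.113.10 1000 2000 3000`); the point of parsing the config here is that the client and server never disagree on the sequence or the timeout. Two checks worth doing when the banner does not appear: knockd logs each matched stage to syslog when `UseSyslog` is set, so a missing "OPEN SESAME" line means the knocks did not arrive in order inside `seq_timeout`; and because `-A INPUT` appends, the new ACCEPT rule only takes effect if SSH is blocked by the chain's default policy rather than by an earlier explicit DROP rule, in which case `-I INPUT` is needed instead. Port knocking hides the port from scanners but is not authentication: anyone who can observe the traffic can replay the sequence, so keep key-only login and the IP restrictions from the article in place.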