Howto: Add a user and secure your SSH access



One of the biggest security holes you could open on your server is to allow logging in directly as root through ssh. This howto shows you how to add a new user to your server so that you can su or sudo to root from it.

We will begin by adding a new user to your server; after that we will show how to disable root login and use sudo instead.

First, open your terminal and, as root, type the commands:

adduser unixmen

passwd unixmen
Next, add the user to the sudoers file. Open up the /etc/sudoers file in your editor:
vi /etc/sudoers   or   gedit /etc/sudoers
and add a line for the user under the root line:
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
unixmen ALL=(ALL)       ALL
For security reasons we advise you to disable the root user from logging in directly through SSH. To do that, open up the sshd_config file in your editor:
vi /etc/ssh/sshd_config   or   gedit /etc/ssh/sshd_config
Find the line:
#PermitRootLogin yes
Make the line look like this to disable logging in through ssh as root:
PermitRootLogin no (without #)

and restart your sshd:

service sshd restart
Now, for more security, we advise you to change your ssh port from the default port 22 to something like 4567 or 31022. To do that, go to your sshd_config file and open it with vi or gedit:
1- First open up the sshd_config file in your editor.

vi /etc/ssh/sshd_config   or   gedit /etc/ssh/sshd_config
2- In the configuration, look for the lines below and change #Port 22 to, for example, port 31022:

# default value.                  # default value.
#Port 22             change to    port 31022 (without #)
#Protocol 2,1                     #Protocol 2,1
Protocol 2                        Protocol 2
#AddressFamily any                #AddressFamily any
#ListenAddress                    #ListenAddress
#ListenAddress ::                 #ListenAddress ::

3- We also advise you to set LoginGraceTime, which configures the server to disconnect the user after a set amount of time if they have not successfully logged in. To do that, still in your sshd_config file:

LoginGraceTime 20s

PermitRootLogin no
#StrictModes yes
MaxAuthTries 3

4- Now restart SSH. As root, run the command:

/etc/init.d/sshd restart

Now you can run your sshd more securely, which will make it hard for others to log in to your server.
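
To confirm that the settings from the steps above are the ones sshd will actually apply, here is an added example (not part of the original howto) that audits a config file for them. The function names are hypothetical, and it assumes whitespace-separated "keyword value" lines and no Include directives.

```shell
#!/bin/sh
# effective_value FILE KEYWORD
# Prints the global value sshd would use: keywords are case-insensitive,
# commented lines are ignored, the first occurrence wins, and anything after
# the first "Match" line is conditional, so scanning stops there.
effective_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/        { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# check_setting FILE KEYWORD EXPECTED: report one keyword, return 1 on mismatch.
check_setting() {
    actual=$(effective_value "$1" "$2")
    if [ "$actual" = "$3" ]; then
        echo "OK    $2 $actual"
    else
        echo "FAIL  $2 is '${actual:-unset}', expected '$3'"
        return 1
    fi
}

# audit_sshd_config FILE: returns 0 only if every setting from the howto is active.
audit_sshd_config() {
    rc=0
    check_setting "$1" PermitRootLogin no  || rc=1
    check_setting "$1" LoginGraceTime  20s || rc=1
    check_setting "$1" MaxAuthTries    3   || rc=1
    port=$(effective_value "$1" Port)
    if [ -z "$port" ] || [ "$port" = 22 ]; then
        echo "FAIL  Port is still the default 22"; rc=1
    else
        echo "OK    Port $port"
    fi
    return "$rc"
}

# write_sample FILE: constructed sample input. PermitRootLogin appears twice
# and the first line wins; the "#Port" line is a comment and has no effect.
write_sample() {
    printf '%s\n' '#Port 31022' 'port 31022' 'Protocol 2' \
        'PermitRootLogin no' 'permitrootlogin yes' \
        'LoginGraceTime 20s' 'MaxAuthTries 3' > "$1"
}

# Usage: sh audit.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then audit_sshd_config "$1"; fi
```

On the server itself, sshd -t checks the file for syntax errors before you restart, and sshd -T prints the effective configuration.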