Howto: Add a User and Secure Your SSH Access


One of the biggest security holes you could open on your server is to allow logging in directly as root through SSH. This howto shows you how to add a new user to your server so that you can su or sudo to root from it.

We will begin by adding a new user to your server; after that we will show how to disable root login and use sudo instead.

First, open your terminal and, as root, type the commands:

adduser unixmen

passwd unixmen
Next, add the user to the sudoers file. Open the /etc/sudoers file in your editor:

vi /etc/sudoers   or   gedit /etc/sudoers

and add a line for the user under the root line:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
unixmen ALL=(ALL)       ALL
For security reasons, we advise you to disable the root user from logging in directly through SSH. To do that, open the sshd_config file in your editor:

vi /etc/ssh/sshd_config   or   gedit /etc/ssh/sshd_config

Look for the line:

#PermitRootLogin yes

Make the line look like this to disable logging in through SSH as root:

PermitRootLogin no (without #)

and restart sshd:

service sshd restart
Now, for more security, we advise you to change your SSH port from the default #Port 22 to something like 4567 or 31022. To do that, go to your sshd_config file and open it with vi or gedit:

1- First, open the sshd_config file in your editor.

vi /etc/ssh/sshd_config   or   gedit /etc/ssh/sshd_config

2- In the configuration, look for the line below and change #Port 22 to, for example, port 31022:

Before                                 After
# default value.                       # default value.
#Port 22                               port 31022 (without #)
#Protocol 2,1                          #Protocol 2,1
Protocol 2                             Protocol 2
#AddressFamily any                     #AddressFamily any
#ListenAddress 0.0.0.0                 #ListenAddress 0.0.0.0
#ListenAddress ::                      #ListenAddress ::

3- We also advise you to set LoginGraceTime. LoginGraceTime configures the server to disconnect the user after a set amount of time if they have not successfully logged in. To do that, still in your sshd_config file:

LoginGraceTime 20s

PermitRootLogin no
#StrictModes yes
MaxAuthTries 3

4- Now restart SSH. As root, run the command:

/etc/init.d/sshd restart

Now you can run your sshd securely, and this will make it hard for others to log in to your server.
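
As a check after the edits above, here is an added example (not part of the original article) that audits an sshd_config file for the settings this howto changes. The function names are hypothetical and the sample config is constructed; it assumes plain "Keyword value" lines and does not follow Include files.

```sh
#!/bin/sh
# Added example (not from the original article): audit an sshd_config
# file for the settings this howto changes.

# active_values FILE KEYWORD
# Print every active global value of KEYWORD, in file order. Keywords are
# case-insensitive, commented lines are inactive, and lines after a Match
# line are conditional, so parsing stops there. Assumption: "Keyword value"
# layout; Include files are not followed.
active_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# sshd uses the first value it reads for a keyword; Port is the exception
# here: every active Port line adds a listener.
first_value() { active_values "$1" "$2" | sed -n 1p; }

# audit_sshd_config FILE: print a FAIL line per finding, return 1 if any.
audit_sshd_config() {
    file=$1; rc=0
    root=$(first_value "$file" PermitRootLogin)
    ports=$(active_values "$file" Port)
    grace=$(first_value "$file" LoginGraceTime)
    tries=$(first_value "$file" MaxAuthTries)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin is '${root:-unset}', expected no"; rc=1; }
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "FAIL sshd still listens on the default port 22"; rc=1
    fi
    [ -n "$grace" ] || { echo "FAIL LoginGraceTime not set, sshd default applies"; rc=1; }
    [ -n "$tries" ] || { echo "FAIL MaxAuthTries not set, sshd default applies"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK $file has the howto's settings"; fi
    return "$rc"
}

# Constructed sample: the port was changed, PermitRootLogin was forgotten.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 31022
Protocol 2
#PermitRootLogin yes
LoginGraceTime 20s
MaxAuthTries 3
EOF
audit_sshd_config "$sample" || echo "fix the FAIL lines, then re-run"
rm -f "$sample"
```

Point audit_sshd_config at /etc/ssh/sshd_config after editing; running sshd -t as root additionally checks the file's syntax before you restart the daemon.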


For questions please refer to our Q/A forum at : http://ask.unixmen.com/
