| Table of Contents |
|---|
Introduction
Outlined here are the minimal security steps the Bonsai Framework uses in server builds.
Disable Direct Login as Root Through SSH
On a fresh Ubuntu setup from scratch the default values in your /setch/ssh/sshd_config is,
...
| Code Block | ||
|---|---|---|
| ||
sudo /etc/init.d/ssh restart |
Prevent SSH Brute Force Dictionary Attacks
As soon as it is on the Internet people will try to brute force attack your server over ssh. Basically they keep on pounding your system trying different passwords.
...
| Code Block | ||
|---|---|---|
| ||
2009-02-15 10:29:24,108 fail2ban.actions: WARNING \[ssh\] Ban 59.63.25.158 2009-02-15 10:39:24,137 fail2ban.actions: WARNING \[ssh\] Unban 59.63.25.158 |
Unbanning
To unban a user try these instructions. I am hesitant about playing with the ip tables in any way, so I have not tried myself. I usually just wait the 10 minutes.
According to the developers, Fail2ban version 0.9 will include an unban command through it's own client program.
Switch to SSH Key Authentication
If you system is on the Internet, switching to SSH key authentication this is a must do step.
...