Today I will cover some useful commands you should most definitely know. One of the topics I will discuss today is how you log in to your system. I know this might seem obvious, but using SSH with a password is not the best practice for logging in. It’s a secure, but at the same time an insecure, way of logging in!
When you use SSH with a password you are using a secure and encrypted channel, but at the same time someone might intercept your communication and get the password he needs, or you just use a weak password [a word from the dictionary etc.] and the attacker guesses it right… So you definitely need two things:
- A hard-to-guess password that is not from, or based on, a word found in dictionaries [a combination of upper/lower case letters, numbers, special characters]
- A minimum length of at least 20 characters
By using a strong password you really protect yourself, but you need to make this protection even stronger. At the beginning of this series I told you to create a second user account [non-root] and put it into the sudoers file. This way you will not need to use your root password during log in or usual work on your VPS. Using a non-root account is always recommended, as being root is a very dangerous thing and you can do a lot of damage to your system.
The SSH login process…
Now we know we will use SSH to log in to our Linux VPS, but we will not use the default /etc/ssh/sshd_config settings, because they are the defaults and thus everybody with a Linux system knows them.
It is not a bad thing that everybody knows the settings; the bad thing is that, knowing the settings, they also know the port they need to attack.
We will edit the sshd_config file with our favourite editor. I like to use nano or vi, but you can use whatever you like and know best. To edit the sshd_config file on Debian Linux [Lenny] I would issue nano /etc/ssh/sshd_config, or I would go to cd /etc/ssh/ and then issue nano sshd_config. It only depends on you and your preference.
The most important things to change in the sshd_config file are listed below and broken down so you know why we are changing them:
# What ports, IPs and protocols we listen for
Port 22
Change this to whatever you want. A number between 1024-65535 is OK and do not use 0-1023 as those are “well known port numbers” and they are there for other things not SSH.
Protocol 2
I would also change this setting to Protocol 2
PermitRootLogin yes
I would change this to “no”, as you do not want root to be able to log in through SSH, for the security reasons we talked about at the beginning of this article and before as well. We will use our newly created user for SU tasks.
#PasswordAuthentication yes
If you follow this tutorial then I would suggest changing this one to “no”, as we will not use password authentication to log in to our Linux VPS box. Also remember to remove the “#”, as right now this line is commented out and not in effect!!! We will use our own private certificate to log in and encrypt our session. This way only we will have access to our VPS, as only we will own the SSH certificate.
If you are happy logging in through SSH with a password then leave this as it is and only remove the “#” sign!
AllowUsers your_non-root_user_name root
This line enables our newly created user to log in to our Linux VPS by issuing ssh usr_name@your_vps_ip on your local host.
A couple more settings would be these:
- X11Forwarding no
- UsePAM no
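A way to check the edited file against the settings walked through above, as an added example that is not part of the original tutorial: it parses sshd_config text, ignores commented-out lines such as #PasswordAuthentication yes, and reports every setting that still differs. The sample port 2222 and the user alice are constructed values.

```python
"""Audit sshd_config text against the values this tutorial recommends."""

# Keyword -> value the tutorial asks for (keywords are case-insensitive).
RECOMMENDED = {
    "protocol": "2",
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "x11forwarding": "no",
    "usepam": "no",
}

def effective_settings(text):
    """Return {keyword: value} for active lines only.

    Simplification: the first occurrence of a keyword wins and Match blocks
    are not handled. Lines starting with '#' are comments and have no effect.
    """
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def audit(text):
    """Return a list of findings; an empty list means nothing to change."""
    active = effective_settings(text)
    findings = []
    for key, want in RECOMMENDED.items():
        got = active.get(key)
        if got is None:
            findings.append(f"{key}: not set (missing or commented out)")
        elif got.lower() != want:
            findings.append(f"{key}: is '{got}', tutorial recommends '{want}'")
    port = active.get("port", "22")
    if not port.isdigit() or not 1024 <= int(port) <= 65535:
        findings.append(f"port: '{port}' is not in the 1024-65535 range")
    if "allowusers" not in active:
        findings.append("allowusers: not set, any account may try to log in")
    return findings

# Constructed samples: the lines quoted in the tutorial, then an edited file.
BEFORE = "Port 22\nProtocol 2\nPermitRootLogin yes\n#PasswordAuthentication yes\n"
AFTER = ("Port 2222\nProtocol 2\nPermitRootLogin no\nPasswordAuthentication no\n"
         "AllowUsers alice\nX11Forwarding no\nUsePAM no\n")

if __name__ == "__main__":
    for name, sample in (("BEFORE", BEFORE), ("AFTER", AFTER)):
        print(name, audit(sample) or "matches the tutorial")
```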
Very important things to remember
As soon as you finish editing the sshd_config file you have to reload it by issuing /etc/init.d/ssh reload, and this will re-read your ssh settings. Now open a new terminal window on your local machine and try to log in to your VPS through SSH. If you have opted to use a password and login name [you used PasswordAuthentication yes] then just issue this command: ssh your_login@ip_of_your_vps.
If you used “PasswordAuthentication no” then just read on in this tutorial and in the next step we will set up an SSH key pair and use it to log in to our VPS. In no way use this part of the tutorial without reading the next part!!!

Found your site on del.icio.us today and really liked it. I bookmarked it and will be back to check it out some more later.
I want to quote your post in my blog. Can I?
And do you have an account on Twitter?
What do you want to quote exactly?