[Day 3] Additional server securing

Hello guys!

Today I want to strengthen the security of my server. I want to make it in two different ways: first using dependency fail2ban, second is to enforce using SSH key when logging in.

fail2ban

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. (source)

Installation

sudo apt install fail2ban

Configuration

There won't be big changes for my needs, although it's recommended to make a local copy of config files:

sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

The only thing I will change in the default configuration of fail2ban is to ban suspicious connections permanently except for 10 minutes. In /etc/fail2ban/jail.conf I changed the value of field bantime to a negative number.

Using SSH key for logging in

I've already had my SSH key, so I will skip part of creating it. For interested people, I will leave a link to the documentation of creating SSH keys in References section.

Configuration

1) Copy SSH key to the server

ssh-copy-id johndoe@XXX.XXX.XXX.XXX -p 12345

ssh-copy-id will scan a computer for local SSH keys and copy them on the server. I had to confirm that I want to copy key by inputting password.

2) Disable login by password

After I was sure that I can log in with my key, I changed SSH configuration in file /etc/ssh/sshd_config:

. . .
PasswordAuthentication no
. . .

After save, I restarted SSH with sudo systemctl restart ssh.

Discussion & suggestions

I would like to ask you, especially when you're more experienced in setting up machines like mine: what should I do to secure my server better? Which dependencies or config should I install/change? Thank you for your comments down below!

References

• fail2ban documentation
• Creating SSH keys — GitHub
• Setting up log in by SSH key

Cover image: Photo by Jaye Haych on Unsplash