Hello guys!
As I mentioned in the previous post, today I will begin securing my server. Today's topic is disabling root access and setting up a firewall.
Disabling root and changing the default SSH port
This one is very easy to achieve. With nano, I edited the file /etc/ssh/sshd_config by adding the rule:
PermitRootLogin no
Also, I learned that you should change the SSH port from the default 22. In the same file I entered a new value:
Port 12345
After that, an SSH service restart is needed, using the command sudo service ssh restart. Now, to log in to the server, I have to specify which port I want to connect to:
ssh login@XXX.XXX.XXX.XXX -p 12345
Firewall
The most common dependency for a firewall is UFW. It was preinstalled on my machine, so all I have to do is set up the necessary rules.
The list of allowed communication, both for IPv4 and IPv6, will for now be:
- SSH (only for new port)
- HTTP
- HTTPS
sudo ufw default deny incoming # by default ban all incoming connections
sudo ufw default allow outgoing # by default allow all outgoing connections
sudo ufw allow 12345 # allow to connect to new SSH port
sudo ufw deny 22 # deny to connect to old SSH port
sudo ufw allow http # allow to connect with HTTP connection (port 80)
sudo ufw allow https # allow to connect with HTTPS connection (port 443)
sudo ufw enable # enable firewall
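A pre-restart check for the two steps above, as an added example that is not part of the original post: it reads the effective PermitRootLogin and Port from an sshd_config-style file and confirms the SSH port is among the ports the firewall allows, so a restart or `ufw enable` does not lock you out. The function names, the sample file and the port list passed to `audit` are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-restart audit of sshd_config.

# Print the effective global value of <keyword> in an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword, keyword names are
# case-insensitive, and '#' comments are ignored. Parsing stops at the first
# Match block (conditional overrides). Include files are not followed.
sshd_value() {  # usage: sshd_value <file> <keyword> <default-if-absent>
  awk -v key="$2" -v def="$3" '
    { sub(/#.*/, "") }                           # strip comments
    tolower($1) == "match"      { exit }
    tolower($1) == tolower(key) { print $2; found = 1; exit }
    END { if (!found) print def }
  ' "$1"
}

# Succeed only if root login is "no" and the SSH port is in the allowed list.
audit() (  # usage: audit <sshd_config> <port allowed by the firewall>...
  cfg=$1; shift; rc=0
  # Defaults when a keyword is absent: OpenSSH uses prohibit-password and 22.
  root=$(sshd_value "$cfg" PermitRootLogin prohibit-password)
  port=$(sshd_value "$cfg" Port 22)
  [ "$root" = "no" ] || { echo "FAIL: PermitRootLogin is '$root'"; rc=1; }
  case " $* " in
    *" $port "*) ;;
    *) echo "FAIL: SSH port $port is not in the allowed list"; rc=1 ;;
  esac
  exit "$rc"
)

# Constructed sample: "PermitRootLogin no" was appended at the end, but an
# earlier "yes" line shadows it, so root login is still enabled.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '#PermitRootLogin no' 'Port 12345' \
  'PermitRootLogin yes' 'PermitRootLogin no' > "$sample"

audit "$sample" 12345 80 443 || echo "fix the config before restarting ssh"
```

On a live host, `sudo sshd -t` validates the file before the restart and `sudo sshd -T` prints the effective configuration, including Include files that this parser does not follow.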
And with that, very basic server securing is done! Tomorrow I will try out some other dependencies to prevent unauthorized access to my machine.
References
Cover image: Photo by Viktor Forgacs on Unsplash