*UNIX servers, like any device connected to the Internet, can come under cyber attack. In this article, we walk through best-practice security methods for securing server login against unauthorized users.
First, when you access your *UNIX Server, it may show you the following:
Last failed login: Sat May 4 14:08:36 UTC 2019 from 126.96.36.199 on ssh:notty
There were 9030 failed login attempts since the last successful login.
Last login: Fri May 3 05:34:33 2019 from c-73-13-124-20.hsd1.XX.XXXXXX.net
As this information shows, there were 9030 attempts to access our server using the username root and the default SSH port, 22. Hence, we need to change these settings. Let's get started.
Open the SSH configuration file in any text editor:
# vi /etc/ssh/sshd_config
Within sshd_config, uncomment Port 22 and change 22 to any unassigned port number (you can choose between 1-65535).
After changing the default port number, we need to prevent the root user from logging in to the server remotely. Uncomment PermitRootLogin yes and change it to no.
Once root login is disabled, we need to create another user (or users) and allow them to access the server remotely, by adding AllowUsers to the SSH configuration file under the Authentication section:
# Authentication:
AllowUsers <username>
Save the SSH configuration file and restart the SSH service.
# systemctl restart sshd
or
# service ssh restart
Now we can no longer log in to our server as the root user; we need to log in with a user we have added to the AllowUsers line.
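To confirm that the three changes above actually took effect, the following added example (not part of the original article) audits an sshd_config file for them. The function names, port 2222 and the user deploy are constructed for illustration; the script assumes whitespace-separated keywords and only reads the global section before any Match block.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings from this article.

# Print every active value of keyword $2 in the global section of file $1.
cfg_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }           # skip commented-out and blank lines
        tolower($1) == "match" { exit }   # Match blocks are conditional: stop
        tolower($1) == tolower(key) {     # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print
        }' "$1"
}

# Print findings for file $1; the return status is the number of findings.
audit_sshd_config() {
    cfg=$1; findings=0
    ports=$(cfg_values "$cfg" Port)
    root=$(cfg_values "$cfg" PermitRootLogin | head -n 1)  # first value wins
    users=$(cfg_values "$cfg" AllowUsers | tr '\n' ' ')

    # No active Port line means the default 22; Port may also be repeated.
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "FINDING: sshd still listens on port 22"
        findings=$((findings + 1))
    fi
    if [ "$root" != no ]; then
        echo "FINDING: PermitRootLogin is '${root:-unset}', not 'no'"
        findings=$((findings + 1))
    fi
    case " $users " in
        "  ")       echo "FINDING: no AllowUsers line"
                    findings=$((findings + 1)) ;;
        *" root "*) echo "FINDING: AllowUsers lists root"
                    findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample (not from the article): the result of the steps above.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' \
    'AllowUsers deploy' > "$demo"
audit_sshd_config "$demo" && echo "OK: all three settings applied"
rm -f "$demo"
```

Running sshd -t before the restart checks the edited file for syntax errors. Keeping the current session open until a new login as the allowed user succeeds avoids locking yourself out.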