Update: Rather embarrassingly I forgot to include restarting sshd. Also I have edited my formatting of the commands shown.
When you first set-up your Linux VPS the chances are that you are told to log in as ‘root’ directly, possibly even using a password like ‘123456’!
The steps in this two part tutorial should be enough to protect you against brute force attacks against SSH. Please note that it assumes you are familiar with the Linux shell and have already assigned a host name to your VPS.
First login to your sever and change the root password using:
root@remotehost:~ # passwd
As explained in XKCD a good password is long but easily memorised. My approach is to use song lyrics with around fifty letters.
Next create a new user account to log for logging into your VPS. In this case the user is called admin but you can name it whatever you like.
Then assign this account its own password. This must be different to the password you gave to root.
To find out which user group is allowed to gain root privileges use:
The line you are looking for will be something like:
In the event that there is no such line add it in and then create a corresponding user group:
(Feel free to substitute sudo with another name so long as you use it consistently).
Then add your new user into the group:
Now configure sudo to require the root password in to give root access.
Go back into
visudo and make the following change:
Note: If your VPS is running OpenSuse or SLES this has already been done for you.
At this point you will have to to restart the SSH daemon, however the exactly which of the following is used to do this depends on your choice of Linux distribution:
Where sshd may be replaced with, ssh, open-ssh or open-sshd.
Test that everything works so far attempting to log out, log back in and then become root:
user@localhost:~ $ ssh admin@remotehost
admin@remotehost:~ $ sudo -i
Assuming all of the above has worked it is now time to disable directly logging in as root. Edit the SSH daemon configuration file using:
Find the line that reads
and change it to
Finally restart the SSH daemon again.
At this point you have already made a drastic improvement to your security but you can do better by using public key authentication as I will explain in part 2.