Securing the Server
CLICKING the STAR in the UPPER RIGHT promotes our PROJECT on GITHUB! - WARNING, PLEASE VISIT https://pgblitz.com/wikis/ - This is the old wiki!
Do NOT FORGET SECURITY BASICS 101
Page Table of Contents
In this section, we will discuss the following steps:
- Root Password
- SUDO user account
- PlexGuide Install
- SSH Root Access
- SSH Key Method - Not done yet!
First thing to do if you were given a root password from you Server/VPS provider (especially via email) is to change it, please type:-
NOTE: My system is a mix of German and English, will update images later to English!
Type your chosen password twice (don't worry if you do not see the cursor move, it's meant to stay blank for security reasons) and you should see something like this:-
SUDO user account
Next we want to create a SUDO user account as it's not a good idea to access and run everything with root!
Remember to change YOUR-USERNAME to whatever you want
useradd -m -d /home/YOUR-USERNAME YOUR-USERNAME usermod -aG sudo YOUR-USERNAME
Here we create a password for your new user (ideally different from your root password)
passwd YOUR-USERNAME su YOUR-USERNAME sudo usermod -s /bin/bash YOUR-USERNAME ### Switch to new user home folder ### cd ~
Example to compare against:-
To exit out of your new user or ssh you can type
exit and to change user just type
Now we need to install PlexGuide so that Fail2Ban and UFW are installed automatically. NOTE: This step can be skipped if you have already installed PlexGuide
CLICK HERE for methods and come back after you've installed it using the
You're nearly done, 3 more important steps to take!
CLICK HERE to set up the Fail2Ban Ban Hammer and come back afterwards.
UFW is your firewall, we'll just show you the minimum steps needed to protect your Server
sudo ufw status verbose sudo ufw default allow outgoing sudo ufw default deny incoming
Make sure to allow ssh or you will not be able to login!
sudo ufw allow ssh sudo ufw enable
Plenty more info out there if you want to make your server even more secure!
Here are two you can have a read of:-
Reboot your Server and login using your new user account as we will switch off root access in the next step!
SSH Root Access
Finally, we should block root login via ssh as this is what bots tend to hack first!
sudo nano /etc/ssh/sshd_config
PermitRootLogin yes and change the yes to no like this:-
Now to activate it we need to restart the ssh service with:-
sudo service ssh restart
SSH Key Method
- Please feel free to complete this for us!
For further reading check out the following:-
Info on securing servers via this blog: https://blog.devolutions.net/2017/4/10-steps-to-secure-open-ssh