Wiki

User Tools

Site Tools

Trace:
systems:secure_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
systems:secure_server [2021/07/24 12:43] – created petersystems:secure_server [2021/07/24 12:57] (current) – [Stop Pings] peter
Line 16: Line 16:
 ---- ----
  
-===== Manual updates =====+===== Update =====
  
 <code bash> <code bash>
Line 32: Line 32:
 </code> </code>
  
-  * Select **Yes**.+<WRAP info> 
 +**NOTE:**  Select **Yes**. 
 +</WRAP> 
  
 ---- ----
  
-===== Add non-root user =====+===== Add non-root user =====
  
 <code bash> <code bash>
Line 44: Line 47:
 ---- ----
  
-===== Add peter user to sudo group =====+===== Add non-root user to sudo group =====
  
 <code bash> <code bash>
Line 52: Line 55:
 ---- ----
  
-===== logout =====+===== Logout of root account =====
  
 <code bash> <code bash>
Line 60: Line 63:
 ---- ----
  
-===== Login with peter =====+===== Login with non-root account =====
  
-Login using the peter user.+Login using the peter user account.
  
 ---- ----
Line 82: Line 85:
 </code> </code>
  
 +----
 +
 +==== Logout ====
 +
 +<code bash>
 logout logout
 +</code>
  
 ---- ----
  
-==== Create public & private key in separate PC====+==== Create public & private key in separate PC ====
  
 <code bash> <code bash>
Line 96: Line 105:
  
   * No passphrase.   * No passphrase.
-  * enter +  * Press **enter**. 
-  * enter+  * Press **enter**.
  
 </WRAP> </WRAP>
Line 111: Line 120:
  
 <WRAP info> <WRAP info>
-**NOTE:+**NOTE:**  This should display some files:
  
   * **id_rsa**:  Private key.   * **id_rsa**:  Private key.
Line 128: Line 137:
  
 <WRAP info> <WRAP info>
-**NOTE:**  This will create **authorized_keys** file in **.ssh** on the server.+**NOTE:**  This will create an **authorized_keys** file in **.ssh** on the server.
 </WRAP> </WRAP>
  
Line 137: Line 146:
 Try to log into server. Try to log into server.
  
-  Should allow without asking for a password.+<WRAP info> 
 +**NOTE:**  This should allow access without asking for a password. 
   * It is using the keys.   * It is using the keys.
 +
 +</WRAP>
  
 ---- ----
Line 152: Line 165:
  
 sudo vi /etc/ssh/sshd_config sudo vi /etc/ssh/sshd_config
- 
-Port - change from 22 to 717 
-AddressFamily inet - change to only allow ipv4. 
-PermitRootLogin - change to no 
-PasswordAuthentication yes - change to no 
 </code> </code>
 +
 +<WRAP info>
 +**NOTE:** Make the following changes:
 +
 +  * Port:  Change from 22 to 717
 +  * AddressFamily inet:  Only allow ipv4.
 +  * PermitRootLogin:  Change to **no**.
 +  * PasswordAuthentication yes:  Change to **no**.
 +
 +</WRAP>
 +
  
 ---- ----
Line 185: Line 204:
 <code bash> <code bash>
 ssh peter@192.168.1.x -p 717 ssh peter@192.168.1.x -p 717
-<code bash>+</code>
  
 <WRAP info> <WRAP info>
Line 229: Line 248:
  
 <WRAP info> <WRAP info>
-**NOTE: Press **y**.+**NOTE:** Press **y**.
 </WRAP> </WRAP>
  
Line 270: Line 289:
 </code> </code>
  
-Add a new line above this: +  * Add a new line above this: <file bash /etc/ufw/before.rules>
- +
-<file bash /etc/ufw/before.rules>+
 ->ok icmp codes for input ->ok icmp codes for input
 </file> </file>
Line 279: Line 296:
 ufw-before-input -p icmp --icmp-type echo-request -j DROP ufw-before-input -p icmp --icmp-type echo-request -j DROP
 </code> </code>
 +
 +----
 +
 +==== Reload UFW ====
  
 <code bash> <code bash>
systems/secure_server.1627130626.txt.gz · Last modified: 2021/07/24 12:43 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki