First update and upgrade
# apt update
# apt upgrade
Update Firewall (ufw)
Firewall needs to be enabled
# ufw enable
Verify firewall is active
# ufw status verbose
Allow access to port 22
# ufw allow 22
Configure firewall to allow the following additional ports:
- 80
- 8080
- 443
Allow access to port 3389 from a single address only
# sudo ufw allow from ###.###.###.### to any port 3389
Recheck ufw status
# ufw status verbose
The results should be similar to the following:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
8080                       ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
3389                       ALLOW IN    ###.###.###.###
22 (v6)                    ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
8080 (v6)                  ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
Set up user
Add a user
# adduser example_user
Add to sudo group (if new user needs root privileges)
# adduser example_user sudo
Exit, then log in with the new credentials.
Secure SSH Log-in Using PuTTY
Enable firewall for ssh access
$ sudo ufw allow ssh
Configure the server
Backup the sshd_config file
$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Edit the sshd_config file
$ sudo nano /etc/ssh/sshd_config
Uncomment the following lines (remove the leading #):
Port 22
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
Generate keys with PuTTYgen
- Go to Windows Start menu → All Programs → PuTTY → PuTTYgen
- Generate a public/private key pair
- Parameters (use defaults)
- Type of key: RSA
- bits: 2048
- click Generate
- PuTTY uses mouse movements for randomness
- When key generation is complete enter a passphrase
- Save public key
- Save private key
- Install public key on server
- In the user's home directory, create the .ssh folder
$ mkdir ~/.ssh
- Create a new file as follows:
$ nano ~/.ssh/authorized_keys
- Copy/paste the public key created in step 2 into the new file. The key must be all on one line.
- Save the file
- Exit
Disable "root" user
$ sudo nano /etc/ssh/sshd_config
For security purposes, change PermitRootLogin to no. Save the file. Reboot.
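A quick audit of the two files this guide edits, as an added example that is not part of the original guide: it checks that the sshd_config lines are really uncommented, that PermitRootLogin is no, and that authorized_keys holds one-line keys. The function names (sshd_value, check_sshd_config, check_authorized_keys, demo) and the sample data are made up for illustration.

```shell
# Added example, not from the guide: audit the two files edited above.
# Function names and sample data are made up for this illustration.

# First uncommented value of KEYWORD; sshd keeps the first value it reads
# and treats keywords case-insensitively.
sshd_value() {  # usage: sshd_value KEYWORD FILE
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Return 0 if FILE has the settings this guide asks for; otherwise list the gaps.
check_sshd_config() {
    rc=0
    [ "$(sshd_value PubkeyAuthentication "$1")" = "yes" ] ||
        { echo "PubkeyAuthentication is not set to yes"; rc=1; }
    [ -n "$(sshd_value AuthorizedKeysFile "$1")" ] ||
        { echo "AuthorizedKeysFile is still commented out"; rc=1; }
    [ "$(sshd_value PermitRootLogin "$1")" = "no" ] ||
        { echo "PermitRootLogin is not set to no"; rc=1; }
    return "$rc"
}

# Return 0 if every entry in FILE is a complete one-line OpenSSH key. Flags
# wrapped pastes and the multi-line file PuTTYgen writes with "Save public key".
check_authorized_keys() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        /BEGIN SSH2 PUBLIC KEY/ { print "line " NR ": multi-line PuTTY export, not one-line format"
                                  bad = 1; skip = 1; next }
        /END SSH2 PUBLIC KEY/ { skip = 0; next }
        skip { next }
        {   ok = 0                             # key type may follow an options field
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-)/ && $(i + 1) ~ /^AAAA/) ok = 1
            if (!ok) { print "line " NR ": not a complete one-line key"; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

demo() {  # constructed sample input, not taken from a real server
    d=$(mktemp -d)
    printf '%s\n' '#PermitRootLogin prohibit-password' 'PubkeyAuthentication yes' \
        'AuthorizedKeysFile .ssh/authorized_keys' > "$d/sshd_config"
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed' 'wrappedTail== rsa-key' \
        > "$d/authorized_keys"
    check_sshd_config "$d/sshd_config"; check_authorized_keys "$d/authorized_keys"
    rm -rf "$d"
}
demo
```

On a live server, `sshd -T` prints the effective configuration, including any included files that this file-level check does not follow.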