@leoken
Forked from rxgx/code-server.md
Created May 22, 2012 08:33
# Cloud Server Security Checklist for Ubuntu 11.10

### Getting Started

Log in as root. If you don't specify a user, ssh uses your current local username.

```sh
ssh root@12.34.56.78
```

Change the root password.

```sh
passwd
```

Add a new user and assign it to the sudo or admin group (the command below uses admin).

```sh
adduser user
usermod -a -G admin user
```

### Copy Public Key

From your local machine, copy your public key to the host using secure file copy. The destination must be the new user's home directory, since the next step moves the file from there.

```sh
scp ~/.ssh/id_rsa.pub user@12.34.56.78:/home/user/
```

Back in the root session on the server, create the .ssh directory, install the key as the authorized_keys file, and set the user's ownership and permissions.

```sh
mkdir /home/user/.ssh
mv /home/user/id_rsa.pub /home/user/.ssh/authorized_keys
chown -R user:user /home/user/.ssh
chmod 700 /home/user/.ssh
chmod 600 /home/user/.ssh/authorized_keys
```

### Configure SSH

Edit the config file.

```sh
vi /etc/ssh/sshd_config
```

Set the following lines (uncomment or add any that are missing).

```
Port 30000
Protocol 2
PermitRootLogin no
PasswordAuthentication no
UseDNS no
AllowUsers user
```

Port: The port number can be any integer between 1025 and 65536 (inclusive), but note it for later reference: when additional listening processes are set up you will need to avoid conflicts. The SSH rule in your iptables must allow the same port, otherwise you will not be able to access the server remotely.

AllowUsers: If you need to allow remote logins for more than one user, add the additional users to the AllowUsers line, separated by spaces.
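As an added example that is not part of the original gist, the following script applies the six directives above to an sshd_config file and audits the result; the function names, the awk rewrite and the Match-block handling are this example's own, and it assumes a POSIX sh with awk and grep.

```shell
#!/bin/sh
# Added example, not from the original gist: apply the checklist's sshd_config
# settings to a config file and audit the result. Rewrites the first matching
# (even commented-out) line, drops later duplicates, and inserts absent settings
# above any "Match" block, since lines after a Match line are not global.
SSHD_REQUIRED='Port 30000
Protocol 2
PermitRootLogin no
PasswordAuthentication no
UseDNS no
AllowUsers user'

# set_directive FILE KEY VALUE: ensure exactly one global "KEY VALUE" line.
set_directive() {
    file=$1 key=$2 value=$3
    awk -v key="$key" -v value="$value" '
        /^[ \t]*Match([ \t]|$)/ {                 # global section ends here
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        !in_match && $0 ~ ("^[ \t]*#?[ \t]*" key "([ \t]|$)") {
            if (!done) { print key " " value; done = 1 }   # rewrite first hit
            next                                           # drop later copies
        }
        { print }
        END { if (!done) print key " " value }             # append if absent
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# harden_sshd_config FILE: apply every required directive.
harden_sshd_config() {
    printf '%s\n' "$SSHD_REQUIRED" | while read -r key value; do
        set_directive "$1" "$key" "$value"
    done
}

# audit_sshd_config FILE: print "MISSING: Key value" for each required
# directive not present as an uncommented, unindented global line.
audit_sshd_config() {
    printf '%s\n' "$SSHD_REQUIRED" | while read -r key value; do
        grep -Eq "^$key[[:space:]]+$value[[:space:]]*$" "$1" ||
            echo "MISSING: $key $value"
    done
}

# Usage as root: sh harden_sshd.sh /etc/ssh/sshd_config; then `sshd -t`, then restart.
if [ "$#" -gt 0 ]; then
    harden_sshd_config "$1" && audit_sshd_config "$1"
fi
```

Run `sshd -t` after editing and keep the root session open until a login on the new port succeeds.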

### Configure the Firewall

Check the current firewall rules.

```sh
/sbin/iptables -L
```

Copy the rules template from a public Gist file. Review the downloaded file before loading it, and make sure it accepts TCP on the SSH port you set above (30000), or you will lock yourself out.

```sh
curl https://raw.github.com/gist/407008/ > /etc/iptables.up.rules
```

Load the new rules, replacing the current ones.

```sh
/sbin/iptables-restore < /etc/iptables.up.rules
```

Verify that the rules are correct.

```sh
/sbin/iptables -L
```

Save the active rules back to the file.

```sh
iptables-save > /etc/iptables.up.rules
```

Edit the following file so that the rules are loaded on restart.

```sh
vi /etc/network/interfaces
```

Add this line:

```
pre-up iptables-restore < /etc/iptables.up.rules
```

after this line:

```
iface lo inet loopback
```

### Verify User Account and Customizations

Reload the SSH server.

```sh
service ssh restart
```

Log in as the new user from a new terminal tab or window, keeping the root session open until the new login works.

```sh
ssh user@12.34.56.78 -p 30000
```

Add this line to the bottom of ~/.bashrc to add colors to the prompt (the original had a stray backslash in the `\w` color escape, corrected here).

```sh
vi ~/.bashrc
```

```sh
PS1='\[\033[0;32m\]\u\[\033[0;37m\]@\[\033[0;36m\]\h\[\033[0;33m\]\w\[\033[00m\]: '
```

Reload the file so the colors appear in the current session.

```sh
source ~/.bashrc
```