@miguelmota
Last active March 28, 2024 21:46
Arch Linux secure machine

Create new user

sudo useradd -m -s /bin/bash alice
sudo passwd alice

Add user to wheel (sudo) group

sudo usermod -aG wheel alice
sudo visudo
# in the editor, uncomment the wheel line:
%wheel ALL=(ALL) ALL

Copy authorized SSH keys to new user

su - alice
# copy the existing login user's .ssh directory (here /home/ubuntu) into alice's home
sudo cp -r /home/ubuntu/.ssh .ssh
sudo chown -R alice:alice .ssh

Disable ssh root login

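sudo pacman -S openssh
# apply the settings listed below
sudo vim /etc/ssh/sshd_config
# validate the config before restarting
sudo sshd -t
sudo systemctl enable sshd.service
sudo systemctl restart sshd.service
# keep the current session open until a new login as alice on the new port works

Settings for /etc/ssh/sshd_config (comments go on their own lines, not after a value):

PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
# pick a random port
Port 1234
# only allow alice to ssh
AllowUsers alice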
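
To confirm that the settings above are the ones sshd actually runs with, this added example (not part of the original gist) checks `sshd -T` style output against them. The names `audit_sshd` and `fail` and both sample inputs are constructed for illustration; port 1234 and user alice are the page's own placeholder values.

```sh
# Added example, not from the gist. Audits `sshd -T` output ("keyword value"
# lines, keywords lowercase) on stdin. Live use: sudo sshd -T | audit_sshd 1234 alice
fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
audit_sshd() {
  want_port=$1; want_user=$2; fails=0; port=""; users=""; seen=""
  while read -r key val; do
    # Older OpenSSH reports kbdinteractiveauthentication under its previous name.
    case $key in challengeresponseauthentication) key=kbdinteractiveauthentication ;; esac
    case $key in
      passwordauthentication|permitrootlogin|permitemptypasswords|kbdinteractiveauthentication)
        seen="$seen $key"
        [ "$val" = no ] || fail "$key is '$val', expected 'no'" ;;
      port)       port="$port${port:+ }$val" ;;
      allowusers) users="$users${users:+ }$val" ;;
    esac
  done
  # A setting missing from the input counts as a failure, not a pass.
  for key in passwordauthentication permitrootlogin permitemptypasswords kbdinteractiveauthentication; do
    case " $seen " in *" $key "*) ;; *) fail "$key not present in input" ;; esac
  done
  [ "$port" = "$want_port" ] || fail "port(s) '$port', expected only '$want_port'"
  [ "$users" = "$want_user" ] || fail "AllowUsers '$users', expected only '$want_user'"
  if [ "$fails" -eq 0 ]; then echo "OK: effective sshd settings match"; fi
  return "$fails"
}

# Constructed samples in sshd -T format (not captured from a real host).
GOOD_SSHD_T='port 1234
permitrootlogin no
passwordauthentication no
kbdinteractiveauthentication no
permitemptypasswords no
allowusers alice'
BAD_SSHD_T='port 22
permitrootlogin prohibit-password
passwordauthentication yes
kbdinteractiveauthentication no
permitemptypasswords no
allowusers alice
allowusers bob'

printf '%s\n' "$GOOD_SSHD_T" | audit_sshd 1234 alice
printf '%s\n' "$BAD_SSHD_T" | audit_sshd 1234 alice || echo "deviations: $?"
```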

Install fail2ban

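sudo pacman -S fail2ban
# apply the settings listed below
sudo vim /etc/fail2ban/jail.conf
sudo systemctl enable fail2ban.service
sudo systemctl start fail2ban.service

Settings for /etc/fail2ban/jail.conf:

ignoreip = 127.0.0.1/8 ::1

[sshd]
enabled = true
# match the Port set in sshd_config (the stock jail uses "ssh", i.e. 22)
port = 1234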

Install firewall

sudo pacman -S ufw
sudo systemctl enable ufw.service
sudo systemctl start ufw.service
sudo ufw default deny incoming
sudo ufw default allow outgoing
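# allow the SSH port set in sshd_config (Port 1234 above), not the default 22
sudo ufw allow 1234/tcp
sudo ufw enable
sudo ufw status
# list listening sockets (netstat is in the net-tools package; ss -tulpn is the iproute2 equivalent)
sudo netstat -tulpn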

Add 2FA

https://gist.github.com/miguelmota/45cf5254b870eeaf2e925b4d7fcfceb2
