getting started with Ubuntu server security
In preparation for playing around with a VPS, I’d like to get familiar with Ubuntu 10.10 64-bit server. I grabbed the iso from their download page and installed it on vmware. Please pause with me and feel gratitude for Ubuntu. Thank you, Ubuntu, for being awesome. I was going to pick a more commercially popular OS, but I value my life, and Ubuntu was made with humans in mind.
The first thing I want to look at is security. Ubuntu’s forum has a sticky for general, intro-level security.
Ubuntu Wiki configure SSH seems like as good a place as any to get started.
This wiki page leads with “Once you have installed an OpenSSH server…”, so I set off to install openssh-server: sudo apt-get install openssh-server
But that gave me an error about openssh-server not being available for my system. After some digging, I got the impression that I might just need to update my system:
sudo apt-get update
Yup, that was it. Whew! I’m grateful it wasn’t a multi-hour quest for some random config setting.
Allegedly, after installing openssh, I should be able to ssh in right away. I ran ifconfig to get my vm’s ip address, and then tried it: ssh firstname.lastname@example.org
ssh: connect to host 172.16.83.255 port 22: Permission denied.
Well, at least it’s talking to me. I think we’re ready to move on with the wiki.
I was able to make a backup of the default ssd_config file and set permissions on it without issue. On to customizing my sshd_config file: sudo vi /etc/ssh/sshd_config
- Change PasswordAuthentication to “no”
- I didn’t see a default setting for AllowTcpForwarding an X11Forwarding, so I added entries to turn each of these off
- I added an AllowUsers entry for my username
- Changed LoginGraceTime from 120 to 20
- Changes the LogLevel from “INFO” to “VERBOSE”
- Uncommented the Banner entry, and changed the file name from “issue.net” to “issue” for simplicity. I’ll defer setting the contents of this file.
- I also changed PermitRootLogin to “no”
As a sanity check, I ran ps -A | grep sshd to confirm sshd is running. As a second sanity check, I tried logging in via the local machine: ssh -v localhost. Amazingly, this also worked.
Ok. Moment of truth. Restarting sshd: sudo /etc/init.d/ssh restart.
Doh! I forgot to add my ssh key before disabling password login. Quick edit to restore PasswordAuthentication. Trying again … Connection refused on port 22. Oh, yeah. I changed it to 2222. Trying again … success! – from the local machine. Still can’t ssh in from a remote host. Time to check the ssh log: tail -f /var/log/auth.log
My ssh requests aren’t showing up in the logs. Time to look into the iptables settings. I’m guessing there’s a rule in there to ignore ssh, or no rule to allow ssh. I’ll continue this in another post.