How to Secure a Linux Server with UFW, SSH Keygen, fail2ban & Two Factor Authentication

56,173 views

Game Guides

A day ago

In-depth guide on how to secure a Linux home server running Ubuntu 20.04. This video explains how to change the default SSH port, how to configure a UFW firewall, how to use SSH key-based authentication, how to install and configure fail2ban, and finally how to set up two-factor authentication (2FA).
Follow this tutorial on my blog: techguides.yt/secure-linux-se...
This video is part of my ultimate home server tutorial video series!
Part 0: 10 GIGABIT Ryzen Home Server Build: • Ultimate 10 GIGABIT Ry...
Part 1: How to Install Ubuntu Server 20.04 LTS from USB: • The Home Server Projec...
Part 2: How to format and partition hard drives: • How to Partition, Form...
Part 3: You are here :)
Part 4: How to set up ZFS RAID10 on Ubuntu 20.04: • How to set up ZFS RAID...
Part 5: How to Install Nextcloud Hub 21 on Ubuntu 20.04: • How to Install Nextclo...
Part 6: How to Install Bitwarden on Ubuntu 20.04: • How to Install Bitward...
Check out today's video sponsor IPVanish: techguides.yt/ipvanish
Timeline:
00:00 - Intro
01:21 - Get a VPN for less than 50$ for a full year!
02:25 - How to change default SSH port
05:26 - How to set up UFW
09:02 - How to set up key-based authentication
12:11 - How to disable password based authentication
12:52 - How to set up fail2ban
16:03 - How to set up two factor authentication
Video Resources
Thumbnail adapted from: www.freepik.com/free-vector/c...
Man in the middle attack: / mitm-man-in-the-middle...
Privileged ports: www.w3.org/Daemon/User/Instal...

Comments: 172
@justinreed1388 3 years ago
Thanks, I look forward to watching the rest of these when they are uploaded.
@TechGuides 3 years ago
Awesome! More are coming soon
@IbanMieZ 3 years ago
I have never, in my life, learnt so much, from one video, sir! Thank you!
@TechGuides 3 years ago
So nice to hear, thank you!
@ox3965 2 years ago
Wow one of the best most detailed videos, I have ever seen. I need more of these videos. You are the man. Tech guides
@TechGuides 2 years ago
Really appreciate it! I'm trying to produce more videos like this very soon :)
@dejandadude 3 years ago
Someone give this man a Raise!
@danci947 2 years ago
apparently, he just got it...well deserved!
@feralshad0w 3 years ago
I would love an apache webserver tutorial from you. These are very concise and extremely useful. Thank you for making them. There are a lot of verbose and confusing tutorials out there that can be difficult to follow.
@TechGuides 3 years ago
Thanks for the nice feedback! I tried to make those as easy to follow while still containing a lot of useful information :)
@beundeteunhaas9601 3 years ago
Nice bitesized video for basic security. Thanks keep up the good work!
@TechGuides 3 years ago
Thank you! Will do
@ryanmitchell8208 3 years ago
Thank you so much for these videos. I am very interested in learning how to make my server apache and php secured, so I hope you do that video too!
@TechGuides 3 years ago
Thanks for watching! I might do it but it will definitely be a while until I can make it
@yassinenacif418 3 years ago
Chapeau pour toi man!! This video was so useful. Keep up the great job!
@TheNuclearManx 2 years ago
Very helpful video, thanks! Just a couple of things to note from my experience of trying to do some of these:
1. I think you need to edit/add the [sshd] jail in jail.local rather than fail2ban.local
2. You can set findtime = x (e.g., x = 1d). This is useful if you have maxretry > 1; it can look at the past x to detect previous login attempts rather than just the past 600 seconds
3. Using `sudo service fail2ban reload` may be preferable. Apparently `reload` is normally a neater/tidier version of `restart`. For example, using reload, you won't reset the currently failed, etc.
@tjames22123 2 years ago
Your tutorials have changed my IT world man! Danke schöne!
@TechGuides 2 years ago
Very cool! Thanks :)
@ahmadaisabry 3 years ago
The most informative video series in a very straightforward manner. You do not just type the command, you are explaining what is behind the scenes in a few concentrated informative pieces of knowledge. Thank you very much. Could you please complete the series by Secure the next cloud instance itself (apache and PHP), also performance tuning for the server. (Apache, PHP, next cloud). Backup and restore.
@ahmadimran6231 3 years ago
Wow learnt something new about the 1024 limit and how the model is becoming obsolete. nice video.
@josephsoldner6048 3 years ago
Excellent video. Thanks!
@greenland1164 3 years ago
You are the best. I would love to see more videos about securing an Ubuntu server. Are you still planning to make the other guides?
@TechGuides 3 years ago
Thanks! I have just released part 4 :)
@gnuPirate 3 years ago
Thanks dude! Great video and guide.
@nikolas8741 3 years ago
My eyes are bleeding from your picture😵
@ryansamra5 3 years ago
Thanks for this tutorial it was very helpful
@rosemarieosborn8625 3 years ago
I have ungoogled my life so this last bit with the authentication I cannot use but the rest of the video is brilliant, thank you.
@TechGuides 3 years ago
You can do the exact same with Authy ;)
@CaptZenPetabyte 2 years ago
Brilliant Tutorial, thanks! :)
@TechGuides 2 years ago
Thank you so much!!
@LR-pn6zd 3 years ago
Awesome work, man
@TechGuides 3 years ago
Thank you! Cheers!
@andinfoser 3 years ago
I would like to learn more on how to make my server apache and php secured, so I hope you do that video soon!
@TechGuides 3 years ago
Thanks for the feedback!
@jackv486 3 years ago
Thanks, very helpful video 👍
@TechGuides 3 years ago
Thank you for watching!
@romabilibov7612 3 years ago
Awesome tutorial!!!!
@TechGuides 3 years ago
Glad you liked it!
@6pac149 3 years ago
You should look into a dashboard i.e. Heimdall, Homer, Dashmachine. The videos are great keep up the good work! :)
@TechGuides 3 years ago
Thanks for the suggestion and kind feedback! Appreciate it
@robyngutierrez7536 4 months ago
I realize this tutorial is 3 years old but it's still very informative and also s
@TechGuides 4 months ago
Thanks!
@ahmedsoran4710 a year ago
amazing video thanks
@sirmarkalot9934 3 years ago
This is pretty cool
@AbhaySingh-yw2ej 3 years ago
I recently decided to convert my old laptop in a home server for a learning experience and why not. I have a 920m 2b Nvidia gc and 2tb hdd and i7-5500U with 16gb ddr3. My target is to have a secure network storage, a workstation to spin up VMs for small projects so I feel like a developer and learn the art of maintaining a system. I wish to keep the stack private, open source and stable. I got a good start with your videos, and would love to know popular use cases of dedicated home servers you have come across other than plex, nas and dhcp.
@tidusimango9364 3 years ago
Discovering your videos is probably the best thing to happen while building my own Ubuntu server. I have already built it and have multiple hard drives, I have dedicated one to PLEX. I'm worried that following this video would block access to plex, thus I won't be able to stream. Any thoughts on how to go about it? Perhaps adding plex into the list of allowed UFW's or allowing plex to access only the one harddrive? Would that compromise my server security? What do you recommend? Thanks.
@mmroshani 3 years ago
Thanks, the security of NGINX may be important too...
@molbar77 2 years ago
Great job man! Thanks. BTW are you aware of any setup or guide to use ubuntu server to enroll/approve devices connection to the home wifi router?
@tolbaahmed 3 years ago
nice video
@TechGuides 3 years ago
Thanks for watching!
@ScofieldMuliru 3 years ago
Thank you for the wonderful tutorial. One question though, once you've installed the Google pam on the server, can you use another authenticator apart from the Google authenticator to scan the QR code for use?
@ronit.dhingra_ 3 years ago
Yes, I tried this with Duo Mobile and it works just fine.
@TechGuides 3 years ago
Thank you! No, you don't necessarily need the google authentication, just one that implements the same algorithm.
@UmmarFarooqMahroof 3 years ago
This was amazing. You're awesome. can you please do a video on securing a nginx server. I am trying to setup a dotnet core webserver
@TechGuides 3 years ago
I'm afraid I have never used NGINX so no real experience with that or any security related topics...
@rosemarieosborn8625 3 years ago
I do have an apache2 server but I haven't done much to it because I haven't secured it as of yet. Videos on how to secure an apache2 server from you would be awesome, thanks.
@TechGuides 3 years ago
Thanks for the suggestion! I'll put it on my list :)
@nikolas8741 3 years ago
Thanks allooot
@freebyte1983 3 years ago
Thank you for your help and for your time. Please Can you explain how to build a production server ( ubuntu for ex nextcloud ) it will help me.
@TechGuides 3 years ago
Hey man! I can't quite follow, what do you want to build?
@freebyte1983 3 years ago
Thanks. In your video you install home server . I want to know how to install a real server in production ( number of cpu, partitions , swap ) for nextcloud server.
@zwyklyuser44 3 years ago
Thx
@ierosgr 3 years ago
Nice tutorial. The only thing it might have been changed would be the rsa key. Why not use ed25519 key instead. It has an arc algorithm for encryption which is considered better than rsa Also how come and while you scp id_rsa.pub to the authorized_keys which are both file has as a result the index of the id_rsa to be copied inside the authorized_keys instead of copying the id_rsa.pub file to the other computer. I thought echo does that not scp
@swedzilla 2 years ago
Your videos are fantastic, just having a small issue with the SSH, I change the port in the .config and restarted the SSH service, even rebooted the server but it still only accepts connection through the 22. Suggestions?
@matthewpierce7717 2 years ago
I'm having the same issue right now.
@swedzilla 2 years ago
@@matthewpierce7717 Turned out I didn't activate the port change. Don't remember exactly where but there was "#" that shouldn't be there.
@lubenbroadcasting986 3 years ago
Hey, thx for this video! Helped me a lot! In case I want to give another user access to the server, I just need to copy his ssh key into the authorized_keys?
@TechGuides 3 years ago
Yes exactly! Cheers
@lubenbroadcasting986 3 years ago
@@TechGuides Ah cool Google Auth doesn't work for me though on Ubuntu Server Version 20.04 Message: "No supported authentication methods available (server sent: publickey) " Not sure where the mistake is since I copy-pasted it from your blog. But SSH is fine^^
@keiwarcraft 3 years ago
one question, can I use microsoft authenticator app instead of google one for this 2 factor auth?
@donhalbert755 3 years ago
Great video and thanks for posting it! The last step of adding AuthenticationMethods breaks my ability to login via SSH and the only solution is to login locally and remove that line and then it allows me to again login remotely. Any idea why?
@TechGuides 3 years ago
Thanks! What happens when you attempt to login? You're simply not getting the "Verification" prompt?
@OasiszGaming 3 years ago
Thank you for this video. I have a question though, i set up the RSA key which is stored on my main PC. I tried to SSH from my phone through the wide area network and was still able to log in provided the port number, ipaddress, and password. I thought the RSA key is supposed to block that? Hope you have some insight, thanks again
@TechGuides 3 years ago
Setting up the RSA key is only one part. You also have to disable password based login as I describe after 12:11 :)
@JoJo-wk5rt 3 years ago
Would it be possible to login from a different IP/computer with a key based authentication and disabled root login?
@amr-50 2 years ago
amazing video can you please refer me to the ssl video couldn't find it in the description
@TechGuides 2 years ago
Sorry for the late response, here you go I think its that one: kzfaq.info/get/bejne/mZekkrKjrs_FYYk.html
@subashchaudhary891 3 years ago
I am very interested in learning how to make my server apache and php secured
@TechGuides 3 years ago
OK great, I have planned to do a video on that sometime early next year!
@firewall_chronicles 3 years ago
im trying to set up a server PLEASE MORE SERVER STUFF AND webserver security PLZ
@TechGuides 3 years ago
yes it will come! :)
@brandom301 3 years ago
I want to log in from another machine, my laptop. Thus, I will generate another ssh key on it. But how can I copy it to the server into the authorized_keys file without being able to log in from the laptop, since it requires an ssh key to log in? Thanks a lot for your videos by the way!
@TechGuides 3 years ago
I would just copy the new public key to a machine that already has access and write it to the authorized_keys file. Or disable keybased authentication for until you've installed the new key
@bernielambillon9737 2 years ago
Thanks for making these very useful videos. I did run into a bit of a problem though, and I haven't been able to get past it. After generating my ssh keys and copying the public key to authorized_keys on the server, I am still being prompted for a password. Any suggestions would be much appreciated.
@TechGuides 2 years ago
How do you access your server? Make sure you pass the private SSH key to the ssh command when connecting
@ShibaHack a month ago
I had issues with fail2ban on Ubuntu Server 24.04, apparently at the time of me writing this, there's an issue with the python version used in 24.04 and fail2ban. Found a workaround but it resulted in even more problems for me so I rolled back to 22.04 and everything worked fine.
@TechGuides a month ago
Damn thanks for the heads-up! I wanted to start using 24.04 soon and produce some content on it...
@eikominamoto6599 3 years ago
please HELP ME after changing port i entered everything you said in windows powershell but it says connection timed out. Please tell me what to do? PLEASE HELP ME
@damiansmith4156 3 years ago
Nice video! I'm following these steps and since I did try updating server to install fail2ban. I can't update or upgrade or ping. Is anyone else having this issue?
@TechGuides 3 years ago
Hey thanks! Sorry for the late reply. What exactly is your issue? Did you install fail2ban and can no longer log in? If yes, check the list of banned IP addresses (you will need to physically connect to your server to check if indeed you have accidentally banned yourself)
@RealMTBAddict a year ago
Is a 64 character PW long enough for Nextcloud? Also with 2FA.
@alexandragroza2611 3 years ago
Uhmm, before this i just installed Nextcloud hub which, after i deleted port 80 from firewall, doesn't work anymore. Can it work without that port open? Also, you have been soooo helpful, as i only need a home server but this is the first time i am linux-ing, therefore i couldn't have done it without you in one round
@TechGuides 3 years ago
Yes you will need to open port 80 to be able to connect to your nextcloud instance. If you ever decide to enable SSL you'll need to open port 443 as well
@ox3965 2 years ago
Tech guides, please could you help I have followed the tutorial but every time I use Google authenticator and I input the verification , my laptop disconnects, the connection.
@CarlosPerez-xx9gl 3 years ago
Could you show how to setup two factor authentication for a virtual machine in a Ubuntu VirtualBox? ...as I could do it successfully for a physical but the same procedure does not work for a VM, what could be wrong? ...thanks!
@TechGuides 3 years ago
I have no experience with virtual machines I'm afraid...
@moritzgeusen3818 3 years ago
Hi, I hope this is not too much of a hassle to you, but why did you copy the key a second time into the authorized_keys file at 11:55? I also got problems after this step, as I was prompted for some password(I'm using Ubuntu+Gnome) to unlock my private key.
@TechGuides 3 years ago
Just for the purpose of copying the public key into an already existing authorized_keys file ;)
@moritzgeusen3818 3 years ago
@@TechGuides I still don't really understand. Does it need to be there two times?
@TechGuides 3 years ago
No absolutely not. Only use one of the methods shown to copy your public key. The first method (copying the entire rsa_key.pub file onto the server) is applicable if you have never set up ssh keys on your server and thus the authorized_keys file does not exist yet. This is likely your situation if you are watching this video. The second method is only applicable if the authorized_keys file already exists on your server - so if you have already set up ssh key-based authentication before, i.e. for another computer. In that case, you don't want to simply copy & paste the entire public key file onto your server or otherwise the authorized_keys file would obviously be overwritten and your other computer will no longer be able to connect.
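The append-versus-overwrite distinction in the reply above, as an added example that is not from the video or the creator's blog: a POSIX shell function, given the hypothetical name add_authorized_key here, that appends a public key to authorized_keys only when it is not already present and keeps the permissions sshd expects. It assumes plain "type base64 comment" key lines; entries that start with an options prefix are not handled.

```shell
#!/bin/sh
# Added example (hypothetical helper, not code from the video or blog).
# Usage: add_authorized_key HOME_DIR PUBKEY_FILE
# Returns 0 = key appended, 1 = key already present, 2 = bad input.
add_authorized_key() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Accept only a "type base64 [comment]" public key line. A private key
    # file ("-----BEGIN ...") or an empty file is rejected.
    [ -r "$pubkey_file" ] || return 2
    key_line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' \
        "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || return 2

    # sshd's StrictModes check (on by default) refuses keys when ~/.ssh or
    # authorized_keys is writable by other users, so keep both private.
    mkdir -p "$ssh_dir" || return 2
    chmod 700 "$ssh_dir" || return 2
    if [ ! -e "$auth_file" ]; then
        ( umask 077; : > "$auth_file" ) || return 2
    fi
    chmod 600 "$auth_file" || return 2

    # Compare on "type base64" only, so the same key with a different
    # trailing comment is not stored twice.
    key_id=$(printf '%s\n' "$key_line" | cut -d ' ' -f 1,2)
    if cut -d ' ' -f 1,2 "$auth_file" | grep -qxF -- "$key_id"; then
        return 1
    fi

    # If the last existing entry has no trailing newline, add one first;
    # otherwise the new key would be glued onto the old line and both break.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi

    # Append (>>), never overwrite (>): keys of other machines stay valid.
    printf '%s\n' "$key_line" >> "$auth_file"
    return 0
}
```

Run on the server as the account that will log in, for example `add_authorized_key "$HOME" /tmp/laptop.pub`, where /tmp/laptop.pub is a placeholder for wherever the new public key was copied.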
@Vende-se 3 years ago
Who are the expert or masterclass that could have the best pratice on the market so i can pay to learn with ? any recomendation ?
@TechGuides 3 years ago
My videos are quite comprehensive but I'm sure you'll find better "experts" on various paid course sites
@kthfriend 3 years ago
When is part5 coming?... looking for the nextcloud install.. thanks.
@TechGuides 3 years ago
I'm currently trying to get it out on the 23rd of January - although I'm not always great with my own deadlines ;)
@kthfriend 3 years ago
@@TechGuides thanks. It is appreciated...
@_elroyjetson 2 years ago
I know this video is several years old but instead of adding an alias for ssh it would be better to create a ~/.ssh/config and just add the port assignment there. man ssh_config for more information.
@TechGuides 2 years ago
Good tip! I wasn't aware of the config file back then but I do use it almost exclusively now ;)
@divakarrex9546 3 years ago
Can u please share how did u get the system info (temp, processor load ) on ssh login ??
@TechGuides 3 years ago
Do you mean glances?
@divakarrex9546 3 years ago
@@TechGuides Nope when u login via SSH u get the other machine details just wanted to know how can I get them when I login into my machine
@TechGuides 3 years ago
I think this always gets displayed when connecting to a server running Ubuntu
@jj-icejoe6642 3 years ago
Just web interface
@azo890 3 years ago
hey thanks a lot for this tutorial i have a problem, somehow, when i add the google authenticator it breaks the ssh and ask for the password then for the token from google any ideas, to solve that? i googled it, but still no results, if someone knows how to solve it, I will be thankful
@azo890 3 years ago
okay i found it ........ To disable password prompt, we edit /etc/pam.d/sshd as below:
sudo nano /etc/pam.d/sshd
Comment out the line @include common-auth by adding # at the beginning.
. . .
# Standard Un*x authentication.
#@include common-auth
. . .
Save the file and restart sshd.
sudo systemctl restart sshd
@TechGuides 3 years ago
Hi! Great that you've got it resolved! I was slightly confused what didn't work for you, since I explicitly went over commenting out that line at 17:38 ;)
@renzapolza6808 3 years ago
How can you access files from the explorer?
@TechGuides 3 years ago
Google samba file share on linux
@OfficialRDB 3 years ago
Can login via command without password, but mobaxterm returns an error: no supported authentication methods available (server sent publickey) Edit: Advanced SSH settings and check "Use private key" and point to the file. Sorry I'm new to all this linux stuff whehehe.... Love your videos. Is there something for the google auth in mobaxterm? Because when I entered the code I need to type another one for the SSH-browser. I hope there is something to sync it or use the same.
@TechGuides 3 years ago
Thanks man! Hmm I haven't really used mobaxterm together with the google auth on my server. I think I tried it once and simply entered the same token twice. I would have to test it again though
@smitty683 3 years ago
What is the point of changing the default ssh port if you are just going to point traffic to it anyway from your router? Is there a special way of doing that?
@TechGuides 3 years ago
Cause attackers won't be able to get your ssh port that easily. They can still run a scanner but most attacks will just attempt to connect on port 22 and move on if nothing was detected (or at least that's what I hope)
@bolohead6067 3 years ago
I keep getting client_loop: send disconnect: Connection reset by peer. I've changed my port, set up UFW and did keygen. but still get this and have to reconnect, appreciate your help in this matter, Thanks
@TechGuides 3 years ago
Did you allow the new port through UFW? Are you specifying that port when trying to SSH to your server (using the -e flag)?
@bolohead6067 3 years ago
@@TechGuides yes I allowed new port in UFW. I used -e flag it worked. In my client machine in the bash rc file I still had 22 so I changed to my new port. Thanks for your help and your videos.
@TechGuides 3 years ago
Ah great that you could get it resolved! Cheers
@marcoFVD 3 years ago
hi i did all on this video, it was going well until the google authenticator after that not possible to login :-( permission denied (publickey).....can someone help me, thanks
@TechGuides 3 years ago
I'm sorry about that. Didn't you open another shell to test connecting with the new settings before disconnecting? Also don't you have physical access to your server?
@marcoFVD 3 years ago
@@TechGuides hi the problem is the permitrootlogin set to no? but I am a root.....:-( is there any way to get in?
@TechGuides 3 years ago
You should never login as root. You can do anything as any regular user as well. Simply log-in with a user that has sudo privileges. If you then need to become "root" you can just type "sudo su"
@feralshad0w 3 years ago
I had everything running great until the google authentication. Now I have an issue with "connection closed by **IP address** port **selected port** has anyone run into this issue? This error only occurred after setting up the google two step authentication
@feralshad0w 3 years ago
I FOUND THE ANSWER!!! in the pam.d/sshd_config file, be careful to notice there is a "Standard un*x authentication" line AND a "standard un*x authorization" line. commenting out the wrong one will lock you out of SSH connection.
@TechGuides 3 years ago
Sorry to hear that you've locked yourself out :( Which line exactly did you erroneously comment out?
@chaingain2196 3 years ago
Are you Tech With Tim's older brother? :p
@TechGuides 3 years ago
Haha the similarities are eerie right? :D
@chaingain2196 3 years ago
@@TechGuides Yeah it's actually a bit creepy ahhaha. Thanks for the video btw! I really enjoy watching these, very educational and well made :D
@TechGuides 3 years ago
Totally ;) Thank you so much!
@bolohead6067 3 years ago
Mine, says Resource temporarily unavailable, when trying to ssh into home server. Any suggestions.
@TechGuides 3 years ago
Sounds like you've specified the wrong port after changing it in the sshd_config. Did you ssh using the -e port flag specifying the new port?
@bolohead6067 3 years ago
@@TechGuides no I don't think I did that but was able to set different port number. Thanks. When I go into the sshd_config file concerning the keygen, (I set up pass phrase). Do I leave password authentication as yes and do I permit root login as no?
@TechGuides 3 years ago
Please follow the video guide from 09:02 onwards - I discuss exactly which options to set to yes and no
@paps0n a year ago
😁
@everonprofessionalservices6558 3 years ago
hi have followed all your steps 3 times on different ubuntu 20.04 servers, at file while trying to login i am getting this message " root@192.XXX.0.XXX: Permission denied (publickey)." what could have been wrong can you figure out please
@TechGuides 3 years ago
Did you update the authorized_keys file in the root directory and not the one from your linux user? Btw I do not recommend to login as root as this is generally considered unsafe practice
@everonprofessionalservices6558 3 years ago
@@TechGuides yes i have used root
@xantra3072 3 years ago
Please my lord talk about nextcloud again, did it change much from your previous guide series ?
@TechGuides 3 years ago
Not really, the install is basically identical but I will show it without snap ;)
@nathan12581 3 years ago
Or just stick your whole server behind a web reverse proxy, only open port 443 to the public. Use a raspberry PI and use that as a VPN client for open vpn and vpn into your network when you want to access your server outside. No ssh security needed as it’s only available locally.
@TechGuides 3 years ago
Sure, unless you want to SSH from the outside ;)
@nathan12581 3 years ago
@@TechGuides You can SSH locally when connected to your home VPN if I’m not mistaken? I just prefer that over opening any more ports other than port 443 for my web apps, then I know my reverse proxy will handle everything the public internet will throw at my one open port on my network. Great videos by the way, keep it up :)
@JoJo-wk5rt 3 years ago
If the port forwarding is set in the router, so setting the public port to something else as '22' in the router, I can still only connect to the server via 'ssh -p 22 user@ip'. How is that possible? so before doing this kzfaq.info/get/bejne/qbVdlMmH2Kquf3U.html
@JoostWagensveld 3 years ago
Hi thanks for the extensive videos, I am looking forward to the rest. Why don't you use ssh-copy-id to add your key to the server? It is explained here in more detail. www.ssh.com/ssh/copy-id
@TechGuides 3 years ago
Thank you so much! I know that command, however it can also very quickly get you locked out of your server if you're not careful and I simply prefer to add keys manually.
@acarzia5580 3 years ago
I have a pc build idea for you if your interested in hearing it?
@TechGuides 3 years ago
Don't have a lot of budget but I'll upgrade my PC soon so shoot!
@acarzia5580 3 years ago
@@TechGuides That's fine! What are your current specs? If you don't mind me asking.
@TechGuides 3 years ago
basically what I've got here kzfaq.info/get/bejne/fJOhdsWZ3cqveHk.html but with 64GB trident z rgb ram and a different AIO because the kraken broke
@RealMTBAddict a year ago
Ubuntu is broken. Nextcloud snap doesn't work with it. DietPi works!
@salat 3 years ago
Blocking ICMP echos is just silly as you'd get a 'host unreachable' answer from the last router before the host if the IP was really down instead of just no response. Maybe use reject with 'icmp-net-prohibited' instead.. ICMP is helpful - see shouldiblockicmp.com/ Also: If you use a port >1024 for sshd, as long the sshd is running no other user program could bind to it. And if through some race condition some local user would be able to run a malicious sshd -> the host id would change. I don't really see a risk there..
@TechGuides 3 years ago
Thanks for watching! I agree with the sshd port, just didn't want to get the internet mad. Regarding the ICMP: not sure why I would ever want my private server to be pingable? What do you mean by "if the IP is down"?
@TechGuides 3 years ago
A bit sad you didn't follow up on this... Could you elaborate on what you meant?
@kevinjaniak3166 3 years ago
@@TechGuides What salat is saying is that blocking echos does not hide your server. A hacker knows your server exists because there is no "host unreachable" response from the router, only a timeout. The lack of this response indicates the router has a route (connection) to your server. I'd like to add, ping is a useful diagnostic tool. It can help you decide if a problem with your server is due to a configuration error or a network outage.
@mulletman1705 2 years ago
Changing ssh port number from the default 22 is useless advice, it will not make anything more secure. Servers can just be scanned by anyone to see what ports they are listening on.
@TechGuides 2 years ago
This step is about mitigating automated attacks that will always try to use port 22. I get thousands of those each day, none ever try to do a full port scan
@mulletman1705 2 years ago
@@TechGuides those automated attacks will be stopped by fail2ban, changing the port number does not increase security in any meaningful way.
@karelrambousek9860 2 years ago
Bla, bla,bla you can do it in 2 minutes, not 20. crap
@vitvitskyi 2 years ago
you forgot to comment it out the line @include common-auth This tells PAM not to prompt for a password in /etc/pam.d/sshd
@drivenmadz434 a year ago
heads up your link for this video (How to secure a linux server ) kzfaq.info?event=video_description&redir_token=QUFFLUhqbW8tN2NoMlhVTUV2NDhxMGZaRHZObUI4STRwd3xBQ3Jtc0tscDFzMzlfd25rUGpjQXdmcDY5bWwtYkVrdzNzcG1MTXFnRjE4UTBqTGk1OS1XQTZkWDlCbTlkTUxMUGMxMmNVWEx1UXdyOHZzYUFpMHFmVE9hZFZTWmNFWElLR3FlcFVnenN5dFZPWWRramlLakZrYw&q=https%3A%2F%2Ftechguides.yt%2Fsecure-linux-server&v=sO-afVsDJOA goes to page with no content :) you can RM this comment :)
@louis5555gmail 5 months ago
I used this video to setup my server. Thanks. Any new development since it was made three years ago?
Рет қаралды 7 МЛН