Red Green Repeat Adventures of a Spec Driven Junkie

How to Secure Your Server (part 1)

This is the next part of my secure-your-server series, where I go over how to improve security when logging in.

I go over what each technique is, how it helps in a server security setting, the pros and cons of each, and resources for configuring them.

You will learn how to configure your server so it is hard for unauthorized users to get in by guessing a username and password combination. I also discuss how configuring login notifications provides a way to learn of unauthorized logins.

This article will take you about four minutes to read.


Introduction

Just having a server that is openly accessible on the Internet attracts hordes of attention from around the world. In one month, my server received 50k login attempts from over 40 different countries.

Every single minute, someone I don’t know is attempting to log in to my server.

How can I have a server online and have peace of mind? How do I know that the next time I want to log in, I still can?

In this article I share how to improve login security, to reduce the chance of brute-force attacks on username and password logins. These techniques are:

  • SSH keys
  • Two factor authentication
  • Login notification

You can use each of these techniques independently or combine them together for increased security.

SSH Keys

SSH is short for “secure shell” and is a remote shell protocol that uses encryption.

One “feature” of SSH is it can use public-private keys to authenticate users.

Public-Private?!

Public-private key cryptography uses a pair of keys: a message encrypted with the private key can be decrypted with the public key, and vice versa. Messages encrypted by one key are decryptable only by the other.

When SSH uses the public-private key authentication method, the remote server holds the public key and the local client holds the private key.

SSH keys help with server security because the generated keys are long and cannot practically be recreated when only one key of the pair is known. There is no password to guess, and it is hard to brute-force the value of a private key.

Lost Keys?

On the flip side, if you lose the private key for a server, you effectively lose your access to that server.

How to configure SSH keys, and more information, is available here.
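As an added illustration (not the post’s own code, and not the linked guide), here is a small Python check that reads sshd_config text and reports settings that undermine key-only login. The two configuration samples are constructed for this example; the option names and their defaults are OpenSSH’s. The parser mirrors sshd’s first-value-wins rule but skips anything after a Match block, which is a simplification.

```python
"""Check an sshd_config for settings that undermine key-only login.
Added example, not the post's own code; the two config samples are constructed."""
import re

# Constructed sample: a stock-looking sshd_config that still accepts passwords.
WEAK_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
#PasswordAuthentication yes      <- commented out, so the default (yes) applies
PermitRootLogin yes
"""

# Constructed sample: the same file after switching to key-only login.
HARDENED_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
"""

# OpenSSH's defaults for the options the audit looks at.
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

def parse_sshd_config(text):
    """Return the effective global settings, keys lowercased.

    sshd keeps the first value it sees for each option, so later duplicates
    are ignored. Options inside a Match block apply only conditionally and
    are skipped here (a simplification of the real parser)."""
    settings = dict(DEFAULTS)
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)   # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        if key not in seen:
            seen.add(key)
            settings[key] = value
    return settings

def audit_key_only_login(text):
    """List the findings that keep a server from being key-only; [] means it passes."""
    s = parse_sshd_config(text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no': passwords can still be guessed")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is on: PAM can still prompt for a password")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: key login would fail")
    if s["permitrootlogin"] not in ("no", "prohibit-password"):
        findings.append("PermitRootLogin allows root to log in with a password")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_key_only_login(cfg) or ["OK: key-only login"])
```

The KbdInteractiveAuthentication check is the one people most often miss: with PAM enabled, sshd can still offer a password prompt through keyboard-interactive even after PasswordAuthentication is set to no. Copy your public key to the server and confirm a key login works before restarting sshd with the hardened file, or you lock yourself out.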

Two Factor Authentication (on SSH)

A two factor authentication system refers to having two independent authentication methods.

In a server setup, one authentication method would be a user-selected password. Another could be a code generated by the server and sent to the user.

Gmail, Login.gov, and other websites use two factor authentication to enhance the security of accounts.

This applies to your SSH setup as well: log in with the regular username and password combination AND a second authentication factor, such as a key generator.

Why not just SSH keys?

SSH with public-private keys is effective and can be the only access mechanism for a server.

The one use case I experienced where SSH keys fail is accessing your server from a computer on which you do not want to keep your private key.

Two factor authentication enables access without leaving sensitive private keys on every system you use to connect.

Lost Second Authentication Method??

Losing the second authentication method is like losing a private key: you are not going to be able to log in. Even if you know the password, the system will not let you in unless you supply the correct code from the second authentication method.

To configure two factor authentication for SSH on your Linux system, see this article I have written.

Login Notifications

A technique that alerts you whenever a successful login occurs, even if it’s “you”.

Second Confirmation

A positive feedback system confirms that you logged in. If you get a successful-login message and did not log in, you know there’s a problem.

Even with all these security measures, if a hacker gains access to your system, the best thing you can do is turn off the server as soon as possible.

An easy way to know whether your server has been compromised: set up a notification every time you or the root user logs in.

Reduce Hacker’s Time

Notification of an unauthorized login right away gives you the ability to shut down the server as soon as possible, reducing a hacker’s time to wreak havoc on your system. The longer they are in your system without your knowledge, the more they can do.

Over time, login notifications can become noisy and their value decreases. Incorporating them into your work-flow is important to maintain their value. I have my notifications sent to Slack instead of email.

This is an article I wrote on configuring a server to send login notifications by email and Slack.
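To show the detection side of a login notification, here is an added Python example (not the post’s code and not the setup from the linked article) that parses sshd lines in auth.log format, builds one message per successful login, and marks the message ALERT when it is the kind of login the post says you want to hear about right away: root, password-based, from an address you do not recognise, or preceded by failed attempts from the same address. The log lines, hostnames and IP addresses are constructed for the example; the "Accepted ... for" and "Failed password for" wording is sshd’s.

```python
"""Turn sshd log lines into login notifications.
Added example, not the post's own code; log lines and addresses are constructed."""
import re
from collections import Counter

# Constructed sample of /var/log/auth.log style lines (documentation-range IPs).
SAMPLE_AUTH_LOG = """\
Mar  3 09:12:01 web1 sshd[2201]: Accepted publickey for deploy from 198.51.100.23 port 51234 ssh2: ED25519 SHA256:constructedfingerprint
Mar  3 09:12:05 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.9 port 40111 ssh2
Mar  3 09:12:06 web1 sshd[2211]: Failed password for root from 203.0.113.9 port 40112 ssh2
Mar  3 09:12:09 web1 sshd[2214]: Failed password for root from 203.0.113.77 port 40190 ssh2
Mar  3 09:13:40 web1 sshd[2290]: Accepted password for root from 203.0.113.77 port 40222 ssh2
"""

# sshd's wording for a successful and a failed authentication.
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port (\d+)")
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(\S+) from (\S+) port")

def parse_auth_log(text):
    """Return (list of successful logins, Counter of failed attempts per source IP)."""
    logins, failures = [], Counter()
    for line in text.splitlines():
        hit = ACCEPTED.search(line)
        if hit:
            method, user, ip, port = hit.groups()
            logins.append({"user": user, "ip": ip, "method": method, "port": int(port)})
            continue
        hit = FAILED.search(line)
        if hit:
            failures[hit.group(2)] += 1
    return logins, failures

def build_notifications(logins, failures, known_sources=()):
    """One message per successful login. It is marked ALERT when the login is
    root, used a password, came from an address you do not recognise, or was
    preceded by failed attempts from the same address; otherwise INFO."""
    messages = []
    for login in logins:
        flags = []
        if login["user"] == "root":
            flags.append("root login")
        if login["method"] == "password":
            flags.append("password auth")
        if login["ip"] not in known_sources:
            flags.append("unknown source")
        if failures[login["ip"]]:
            flags.append(f"{failures[login['ip']]} failed attempt(s) before success")
        level = "ALERT" if flags else "INFO"
        text = f"{level}: {login['user']} logged in from {login['ip']} via {login['method']}"
        if flags:
            text += " [" + "; ".join(flags) + "]"
        messages.append(text)
    return messages

if __name__ == "__main__":
    logins, failures = parse_auth_log(SAMPLE_AUTH_LOG)
    for message in build_notifications(logins, failures, known_sources={"198.51.100.23"}):
        print(message)   # in practice: post to a Slack webhook or hand to sendmail
```

Splitting INFO from ALERT is what keeps the channel from turning into the noise the post warns about: every login is still recorded, but only the ones worth interrupting you for are highlighted. Run it from a PAM session hook or a periodic journal read, and have it deliver messages over a channel you actually watch.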

Conclusion

Using SSH keys, two factor authentication, and login notification is an effective way to secure your server from direct login attacks.

SSH keys provide an easy way to incorporate public-private key cryptography into your work-flow.

Two factor authentication gives you a second authentication method, other than your password, when logging in using password-based SSH.

Login notifications give you a chance, in case everything else fails, to unplug the server and reduce the damage unauthorized access can cause.

In the next article, I share techniques to slow down or prevent unauthorized access to the server in the first place, using tools like fail2ban, IP white-listing, and port knocking.