Configuring a Debian Sarge Server, part III

By | September 15, 2007

In this third part of the series I will be taking you through some security issues of having your own server. It will be a short one, thank god, compared to the other articles, but a crucial one: we’ll be restricting access to SSH.

First things first: what is SSH? Its full name is Secure Shell, and it lets you log in to the command line of your server (for the Windows kids). You’ll probably need two tools to work with it:

  • PuTTY, which gives you shell access
  • WinSCP, which enables you to copy files to the server

If you’re already running Linux, these tools, or comparable ones, should already be installed.

Now that you have the tools you can log in to your server from any system in the world, gaining root access straight away. Which is fun, but also very dangerous. So your next step should be to disable root login over SSH. You can do this by adding the following line to the file ‘/etc/ssh/sshd_config’:

DenyUsers root

That’s it. No more nasty root access from PuTTY. You will now need a separate user account to log in, so don’t restart SSH just yet. First do the following:

adduser remoteuser
passwd remoteuser

This will create a new user and set its password; please change remoteuser to the name you want the user to have ;). After this you will have to restart SSH to make sure root can no longer log in. Do this by executing the following line:

/etc/init.d/ssh restart
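The order of the steps above matters: if SSH is restarted before a working non-root account exists, you are locked out. The script below is an added example, not part of the original article, that checks both conditions first; it also accepts the standard sshd_config directive `PermitRootLogin no` as an alternative to `DenyUsers root`, and the file names and the user `remoteuser` are constructed samples.

```shell
#!/bin/sh
# Added example: checks to run before restarting sshd so that blocking
# root cannot lock you out. Sample files below are constructed.

# Succeeds if the global section of an sshd_config-style file blocks root,
# via "DenyUsers ... root ..." or "PermitRootLogin no".
# Assumption: whitespace-separated "Keyword value" lines, literal name "root".
root_ssh_blocked() {
    awk '
        { sub(/#.*/, "") }                  # strip comments
        NF == 0 { next }                    # skip blank lines
        { key = tolower($1) }               # keywords are case-insensitive
        key == "match" { exit }             # stop at the first Match block
        key == "denyusers" {                # DenyUsers lines accumulate
            for (i = 2; i <= NF; i++) if ($i == "root") denied = 1
        }
        key == "permitrootlogin" && !seen { # sshd keeps the first value it reads
            seen = 1
            if (tolower($2) == "no") denied = 1
        }
        END { exit (denied ? 0 : 1) }
    ' "$1"
}

# Succeeds if the named user exists in a passwd-format file, is not uid 0,
# and has a usable login shell: the account you will log in with instead.
has_login_user() {
    awk -F: -v u="$1" '
        $1 == u && $3 != 0 && $7 !~ /(nologin|false)$/ { ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$2"
}

# Arguments: sshd_config path, replacement user, passwd file.
safe_to_restart() {
    root_ssh_blocked "$1" && has_login_user "$2" "$3"
}

demo=$(mktemp -d)
printf '%s\n' 'Port 22' '#DenyUsers root' 'DenyUsers root' > "$demo/sshd_config"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'remoteuser:x:1000:1000::/home/remoteuser:/bin/bash' > "$demo/passwd"

if safe_to_restart "$demo/sshd_config" remoteuser "$demo/passwd"; then
    echo "root is blocked and remoteuser can log in: safe to restart"
else
    echo "do not restart sshd yet"
fi
```

On the real server, point the function at /etc/ssh/sshd_config and /etc/passwd, run `sshd -t` to validate the edited file, and keep your current session open until a login as the new user has succeeded.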

Once you log out you won’t be able to log in as root any more. But to install applications or change system files you will still need to be able to gain root access. You can do this by using the command ‘su -c "<program>"’.

Linux will ask you for the root password and run the command given after -c with root access. That’s it for now. More next time.
