Step 1. Root Access
Before we get started. Here’s what I’m going to assume you’ve done already
- Setup your hostname
- Added yourself a user account that’s not root
- Setup that account as being part of the sudo group
I typically use Debian on my servers cause I’m ghetto old school that way. If you’re using Ubuntu, everything is the same since it’s Debian based. If you’re using anything else and it’s not Debian based just adjust accordingly for the installation of software.
Note: I’m also going to assume you know that it’s good practice to use sudo to run all things that require root access and not actually be logged in as root. I’m not here to preach what I personally believe is good practice so I’m going to exclude ‘sudo’ from all the commands.
Disable Root SSH Login
By default your VPS image (if you’re running a Linode) should already allow you to SSH into the server and log in as ‘root’. I’m assuming you have created yourself an account already.
Why disable root SSH login? Quite honestly, it’s because after sifting through hundreds of thousands of server logs, I’ve noticed that sooner or later every outside facing server with SSH access is going to sooner or later get some sort of automated brute force dictionary attempts at breaking into the server. By disabling root login from SSH, even if someone did manage to guess your root password, they couldn’t get in.
If you’re one of those guys that likes to run around as root, create another user that you can SSH into with and then just ‘su’ into root once you get in. Please note that it’s generally better practice just to stay logged in as your normal user and just sudo everything.
NOTE: Aside from root, I have noticed someone out there trying to brute force their way using an account named ‘admin’ which doesn’t exist on my machine. Based on that, I would not suggest creating an account called admin either.
Now onto the fun stuff
FIrst edit the following file
Find the line
Uncomment it and change it to ‘no’. It should look like this
Save and exit then restart your sshd service by running either
service sshd restrart
They both do the same damn thing.