Securing SSH/SFTP and best practices on security
Posted
by
MultiformeIngegno
on Server Fault
See other posts from Server Fault
or by MultiformeIngegno
Published on 2012-09-22T16:00:34Z
Indexed on
2012/09/22
21:40 UTC
Read the original article
Hit count: 338
I'm on a fresh VPS with Ubuntu Server 12.04. I wanted to ask you the good practices to apply to enhance security over a stock Ubuntu-server.
This is what I did up to now: I added Google Authenticator to SSH, then I created a new user (whom I'll use instead of 'root' for SSH & SFTP access) which I added to my /etc/sudoers list below 'root', so now it's:
# User privilege specification
root ALL=(ALL:ALL) ALL
new_user ALL=(ALL:ALL) ALL
Then I edited sshd_config and set PermitRootLogin to 'no'. Then restarted the ssh service.
Is this ok? There are a few things I'd like to ask you though:
1) What's the sense of adding a new (sudoer) user whilst the root user still exist (ok it can't access with root privilege but it's still there..)? 2) System files are owned by 'root'.. I want to use my new_user to access via SFTP but with it I can't edit those files!! Should I mass-CHMOD 'em so that new_user has write perms too? What's the good practice on this?
Thanks in advance, I hope you'll tell me if I did something wrong and/or other ways to secure the system. :)
© Server Fault or respective owner