Securing SSH/SFTP and best practices on security

Posted by MultiformeIngegno on Server Fault See other posts from Server Fault or by MultiformeIngegno
Published on 2012-09-22T16:00:34Z Indexed on 2012/09/22 21:40 UTC
Read the original article Hit count: 338

Filed under:
|
|
|

I'm on a fresh VPS with Ubuntu Server 12.04. I wanted to ask you the good practices to apply to enhance security over a stock Ubuntu-server.

This is what I did up to now: I added Google Authenticator to SSH, then I created a new user (whom I'll use instead of 'root' for SSH & SFTP access) which I added to my /etc/sudoers list below 'root', so now it's:

 # User privilege specification
 root     ALL=(ALL:ALL) ALL
 new_user ALL=(ALL:ALL) ALL

Then I edited sshd_config and set PermitRootLogin to 'no'. Then restarted the ssh service.

Is this ok? There are a few things I'd like to ask you though:

1) What's the sense of adding a new (sudoer) user whilst the root user still exist (ok it can't access with root privilege but it's still there..)? 2) System files are owned by 'root'.. I want to use my new_user to access via SFTP but with it I can't edit those files!! Should I mass-CHMOD 'em so that new_user has write perms too? What's the good practice on this?

Thanks in advance, I hope you'll tell me if I did something wrong and/or other ways to secure the system. :)

© Server Fault or respective owner

Related posts about ubuntu

Related posts about security