Create a new user that fits to you:

adduser (place your desired username)

visudo

Then, add your new username to file

(username) ALL=(ALL:ALL) ALL

Configure your ssh port, open this file

nano /etc/ssh/sshd_config

Edit and then, save: Ctrl +X + Enter

Port (put here a port you prefer)

Protocol 2

PermitRootLogin no

PermitEmptyPasswords no

UseDNS no

AllowUsers (your new username)

Restart SSH:

service ssh restart

If you got this error:

Error Message
service ssh restart Could not load host key: /etc/ssh/ssh_host_ecdsa_key [….] Restarting OpenBSD Secure Shell server: sshdCould not load host key: /etc/ssh/ssh_host_ecdsa_key

Do the following and restart again.

dpkg-reconfigure openssh-server

Before closing session in current puTTy, open a new puTTy to test new port/connection.

If everything went OK, then install fail2ban.

Gain access root via sudo:

sudo -s

And then Run this:

apt-get install fail2ban

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

nano /etc/fail2ban/jail.local

Edit those lines:

destemail = (put your mail here)

action = %(action_mwl)s

[ssh]

enabled = true

port = (your new port number)

filter = sshd

logpath = /var/log/auth.log

maxretry = 10

[ssh-ddos]

enabled = true

port = (your new port number)

filter = sshd-ddos

logpath = /var/log/auth.log

maxretry = 10

Last thing is to restart Fail2Ban:

sudo service fail2ban restart

Hope this configuration work for you server.

Replies: 0 / Share:

You might also like:

Post Comment

Your email address will not be published. Required fields are marked *