It is important to secure your connection to the machine. To do so, we will configure SSH access and set up a firewall that blocks all incoming requests except those to the SSH port and the web server ports.
We will assume that we have a non-root account that is in the sudoers group.
When you first create the server instance, you may or may not have the ssh server running. If it is not running, you can install it first. On Ubuntu/Debian, you can use the following command:
sudo apt install openssh-server
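Next, we create an SSH key pair on our local machine, which we will use to access the server. From your local user home directory:
mkdir -p .ssh #-p avoids an error if the directory already exists
ssh-keygen
cd .ssh
less id_rsa.pub #this is the public key; the private key id_rsa stays on the local machine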
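Copy this content into the file authorized_keys, inside the .ssh directory of your user's home directory on the web server:
mkdir -p .ssh
chmod 700 .ssh #only your user should have access to this directory
cd .ssh
vim authorized_keys #if vim is not present, you can use other editors or install it using `sudo apt install vim`
#paste the content, then save and quit (shift+colon -> wq -> enter)
chmod 600 authorized_keys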
We need to edit the following fields in the file /etc/ssh/sshd_config on the server (say, using vim):
Port: choose something other than 22 (optional)
PermitRootLogin no (changed from prohibit-password)
PubkeyAuthentication yes (already defaults to this)
PasswordAuthentication no (disable it for security)
Restart the ssh server. On Ubuntu/Debian this is achieved by:
sudo systemctl restart ssh
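A check for the edited file, as an added example that is not part of the original tutorial: it reports the value sshd will take for each of the three settings above. The function names and the sample config are constructed for illustration, and the defaults used for unset keywords are assumed to be OpenSSH's.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config-style file
# for the three settings above. sshd keeps the FIRST value it reads for a
# keyword, so a corrected line appended below an older one has no effect.
# Limitations: Include files are not followed and Match blocks are ignored;
# on the server, `sudo sshd -T` prints the values sshd would really use.

# effective_value FILE KEYWORD: print the first global value set for KEYWORD.
effective_value() {
    awk -v key="$2" '
        BEGIN                   { key = tolower(key) }
        /^[ \t]*#/ || NF == 0   { next }   # skip comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends at first Match
        tolower($1) == key      { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: print one line per setting and return the number of
# settings whose effective value differs from the hardened one.
audit_sshd_config() {
    fails=0
    # keyword:wanted:default assumed when the keyword is not set
    for spec in permitrootlogin:no:prohibit-password \
                pubkeyauthentication:yes:yes \
                passwordauthentication:no:yes; do
        key=${spec%%:*}; rest=${spec#*:}; want=${rest%%:*}; def=${rest#*:}
        val=$(effective_value "$1" "$key")
        [ -n "$val" ] || val=$def
        if [ "$val" = "$want" ]; then
            echo "OK   $key $val"
        else
            echo "FAIL $key is '$val', expected '$want'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: the admin appended "PasswordAuthentication no" but an
# earlier "yes" line is still present, so passwords remain enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication yes
#PubkeyAuthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "$? setting(s) still need attention"
rm -f "$sample"
```

On the server, point audit_sshd_config at /etc/ssh/sshd_config before restarting ssh, and keep your current session open until a new key-based login has succeeded.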
Install and run the firewall (ufw) using the following commands (Ubuntu/Debian):
sudo apt install ufw
sudo ufw allow [PortNumber] #here it is 22 or another port that you chose for ssh
sudo ufw enable
sudo ufw status verbose #this should show what the firewall is doing