This forum uses cookies

***ThunderTower*** · (Dieser Beitrag wurde zuletzt bearbeitet: 05.09.2021, 09:28 von ThunderTower.)

SSH Port ändern + SSH Root Login am OpenSim Server verbieten

Aus Sicherheitsgründen habe ich auf meinem Ubuntu Server den SSH Port verändert, und das Login als Root untersagt.

Vor der Änderung vom SSH Port 22 muss natürlich eine entsprechende UFW Freigabe auf den gewünschten Port erstellt werden.

Wer das nicht macht, sperrt sich selbst aus!

Einloggen:

Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-81-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage

System information as of Sun Sep 5 05:06:56 UTC 2021

System load: 0.09 Processes: 123
Usage of /: 3.3% of 195.86GB Users logged in: 0
Memory usage: 2% IPv4 address for: IP
Swap usage: 0%

* Super-optimized for small spaces - read how we shrank the memory
footprint of MicroK8s to make it the smallest full K8s around.

https://ubuntu.com/blog/microk8s-memory-optimisation

0 updates can be applied immediately.

Los geht's:

Editieren der sshd_config mit:

sudo nano /etc/ssh/sshd_config

Hier das PermitRootLogin auf 'no' setzen.

Das Rautezeichen von Port 22 entfernen und die Portangabe verändern.

Abspeichern und Dienst neu starten:

/etc/init.d/ssh restart

UFW Regeln für Port 22 löschen:

:~$ sudo ufw status verbose

Status: active

Logging: on (low)

Default: deny (incoming), allow (outgoing), disabled (routed)

New profiles: skip

To Action From
-- ------ ----
22/tcp     ALLOW IN Anywhere
22 ALLOW IN Anywhere
31122 ALLOW IN Anywhere
22/tcp (v6)    ALLOW IN Anywhere (v6)
22 (v6)    ALLOW IN Anywhere (v6)
31122 (v6)    ALLOW IN Anywhere (v6)

:~$ sudo ufw status numbered

Status: active

To Action From
-- ------ ----
[ 1] 22/tcp      ALLOW IN Anywhere
[ 2] 22     ALLOW IN Anywhere
[ 3] 31122 ALLOW IN Anywhere
[ 4] 22/tcp (v6)    ALLOW IN Anywhere (v6)
[ 5] 22 (v6)    ALLOW IN Anywhere (v6)
[ 6] 31122 (v6)    ALLOW IN Anywhere (v6)

:~$ sudo ufw delete 1

Deleting:

allow 22/tcp

Proceed with operation (y|n)? y

Rule deleted

:~$ sudo ufw status numbered

Status: active

To Action From
-- ------ ----
[ 1] 22       ALLOW IN Anywhere
[ 2] 31122 ALLOW IN Anywhere
[ 3] 22/tcp (v6)    ALLOW IN Anywhere (v6)
[ 4] 22 (v6) ALLOW IN Anywhere (v6)
[ 5] 30122 (v6) ALLOW IN Anywhere (v6)

:~$ sudo ufw delete 3

Deleting:

allow 22/tcp

Proceed with operation (y|n)? y

Rule deleted (v6)

:~$ sudo ufw status numbered

Status: active

To Action From
-- ------ ----
[ 1] 22       ALLOW IN Anywhere
[ 2] 31122 ALLOW IN Anywhere
[ 3] 22 (v6)    ALLOW IN Anywhere (v6)
[ 4] 31122 (v6)    ALLOW IN Anywhere (v6)

:~$ sudo ufw delete 3

Deleting:

allow 22

Proceed with operation (y|n)? y

Rule deleted (v6)

:~$ sudo ufw status numbered

Status: active

To Action From
-- ------ ----
[ 1] 22        ALLOW IN Anywhere
[ 2] 31122    ALLOW IN Anywhere
[ 3] 31122 (v6) ALLOW IN Anywhere (v6)

:~$ sudo ufw delete 1

Deleting:

allow 22

Proceed with operation (y|n)? y

Rule deleted

:~$ sudo ufw reload

Firewall reloaded

:~$ sudo ufw status numbered

Status: active

To Action From
-- ------ ----
[ 1] 31122      ALLOW IN Anywhere
[ 2] 31122 (v6) ALLOW IN Anywhere (v6)

Fertig!

Neue Anmeldung:

ssh salatbieger@IP-Adresse -pNEUER PORT

Login
Benutzername:
Passwort:	Passwort vergessen?
	Merken