05.09.2021, 08:51
(This post was last edited: 05.09.2021, 09:28 by ThunderTower.)
Changing the SSH port + disabling SSH root login on the OpenSim server
For security reasons, I changed the SSH port on my Ubuntu server and disabled login as root.
Before changing the SSH port from 22, you of course have to create a matching UFW allow rule for the desired port.
Anyone who skips this locks themselves out!
Logging in:
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-81-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Sun Sep 5 05:06:56 UTC 2021
System load: 0.09 Processes: 123
Usage of /: 3.3% of 195.86GB Users logged in: 0
Memory usage: 2% IPv4 address for: IP
Swap usage: 0%
* Super-optimized for small spaces - read how we shrank the memory
footprint of MicroK8s to make it the smallest full K8s around.
https://ubuntu.com/blog/microk8s-memory-optimisation
0 updates can be applied immediately.
Here we go:
Edit the sshd_config with:
sudo nano /etc/ssh/sshd_config
Here, set PermitRootLogin to 'no'.
Remove the hash sign in front of Port 22 and change the port number.
Save and restart the service:
/etc/init.d/ssh restart
Delete the UFW rules for port 22:
:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
22 ALLOW IN Anywhere
31122 ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
22 (v6) ALLOW IN Anywhere (v6)
31122 (v6) ALLOW IN Anywhere (v6)
:~$ sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 22 ALLOW IN Anywhere
[ 3] 31122 ALLOW IN Anywhere
[ 4] 22/tcp (v6) ALLOW IN Anywhere (v6)
[ 5] 22 (v6) ALLOW IN Anywhere (v6)
[ 6] 31122 (v6) ALLOW IN Anywhere (v6)
:~$ sudo ufw delete 1
Deleting:
allow 22/tcp
Proceed with operation (y|n)? y
Rule deleted
:~$ sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22 ALLOW IN Anywhere
[ 2] 31122 ALLOW IN Anywhere
[ 3] 22/tcp (v6) ALLOW IN Anywhere (v6)
[ 4] 22 (v6) ALLOW IN Anywhere (v6)
[ 5] 30122 (v6) ALLOW IN Anywhere (v6)
:~$ sudo ufw delete 3
Deleting:
allow 22/tcp
Proceed with operation (y|n)? y
Rule deleted (v6)
:~$ sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22 ALLOW IN Anywhere
[ 2] 31122 ALLOW IN Anywhere
[ 3] 22 (v6) ALLOW IN Anywhere (v6)
[ 4] 31122 (v6) ALLOW IN Anywhere (v6)
:~$ sudo ufw delete 3
Deleting:
allow 22
Proceed with operation (y|n)? y
Rule deleted (v6)
:~$ sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22 ALLOW IN Anywhere
[ 2] 31122 ALLOW IN Anywhere
[ 3] 31122 (v6) ALLOW IN Anywhere (v6)
:~$ sudo ufw delete 1
Deleting:
allow 22
Proceed with operation (y|n)? y
Rule deleted
:~$ sudo ufw reload
Firewall reloaded
:~$ sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 31122 ALLOW IN Anywhere
[ 2] 31122 (v6) ALLOW IN Anywhere (v6)
Done!
New login:
ssh salatbieger@IP-address -p NEW_PORT
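The lockout warning above can be turned into a pre-flight check that runs before the SSH service is restarted. This is an added example, not part of the original post: the function names are hypothetical, the sample config and firewall listing are constructed, and it assumes a single config file without Match blocks.

```shell
#!/bin/sh
# Added example: lockout pre-flight for an SSH port change (sample data is constructed).

# Ports sshd will listen on according to a config file (default 22 if unset).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Effective PermitRootLogin: sshd uses the first occurrence of a keyword.
root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); n++; exit }
         END { if (!n) print "prohibit-password" }' "$1"
}

# True if saved "ufw status" output ($1) allows inbound TCP on port $2.
# A bare "31122" rule covers tcp and udp; "31122/tcp" covers tcp only.
ufw_allows_tcp() {
    awk -v p="$2" '
        /^Status: inactive/ { ok = 1 }   # ufw is off, so it blocks nothing
        ($1 == p || $1 == (p "/tcp")) && / ALLOW/ { ok = 1 }
        END { exit !ok }' "$1"
}

# Pre-flight: $1 = sshd_config, $2 = saved "ufw status" output.
# Fails if any sshd port lacks an allow rule or root login is still permitted.
preflight() {
    pf_rc=0
    for pf_port in $(sshd_ports "$1"); do
        if ufw_allows_tcp "$2" "$pf_port"; then
            echo "ok: port $pf_port is allowed by ufw"
        else
            echo "LOCKOUT RISK: no ufw allow rule for port $pf_port"; pf_rc=1
        fi
    done
    [ "$(root_login "$1")" = "no" ] || { echo "warn: PermitRootLogin is not 'no'"; pf_rc=1; }
    return $pf_rc
}

# Constructed sample input: edited config, firewall before and after the new rule.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 31122' 'PermitRootLogin no' > "$demo/sshd_config"
printf '%s\n' 'Status: active' '' 'To   Action   From' \
    '22/tcp       ALLOW  Anywhere' '22/tcp (v6)  ALLOW  Anywhere (v6)' > "$demo/ufw_before"
{ cat "$demo/ufw_before"
  printf '%s\n' '31122        ALLOW  Anywhere' '31122 (v6)   ALLOW  Anywhere (v6)'
} > "$demo/ufw_after"
preflight "$demo/sshd_config" "$demo/ufw_before" || echo "=> do not restart sshd yet"
preflight "$demo/sshd_config" "$demo/ufw_after"  && echo "=> safe to restart sshd"
```

On a real host, save the output of `sudo sshd -T` (the effective configuration) and `sudo ufw status` to files and pass them to `preflight` while the existing SSH session is still open.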