Continuing the story from my previous blog posts, How to Secure Your ECS Instances with Alibaba Cloud Security Center and How to Remove Donald Trump Virus/Script from Linux?, I would like to share one more feature that I mentioned I was too lazy to implement, which gave the hacker the opportunity to brute-force my Linux root account.
If you use Alibaba Cloud, AWS or any similar cloud service provider, then when you provision an ECS instance you are given the choice of setting up the logon credential with a key pair or with a password, as in the following screen.
If you are lazy like me and set the logon credential with a password, then you face the risk of the root account being brute-forced.
So what if you have already set up the server with a password credential? You can still make things right now.
Generate Key Pair
First, you need to generate a key pair for your account, which is used to connect to the server. Open the PuTTYgen software.
Hit the Generate button, then move your mouse around the blank area so that it can collect randomness for the key:
Once you see the following screen, enter the key comment as your username to tell the accounts apart. The key passphrase will be the password you key in when connecting to the server; it is what decrypts the private key.
Save a copy of the private key; you will need to load it into PuTTY's Auth settings later.
Configure PuTTY
Now open PuTTY and enter the server IP address, then go to the Connection menu -> SSH -> Auth, browse and select the saved private key.
Go back to the main screen and save the session.
When you connect to the server, you will be prompted for the passphrase you set earlier while generating the private key in PuTTYgen.
Enable SSH Root Access With Key
Go to the /etc/ssh path and open the sshd_config file in a text editor.
sudo vi /etc/ssh/sshd_config
Uncomment the PermitRootLogin line and change the value from prohibit-password to without-password.
Finally, restart the sshd service for the change to take effect.
service sshd restart
Now try to log in to the server with the root password; it should no longer be accepted.
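A quick way to check what sshd will actually enforce before you restart it, as an added example that is not part of the original post: sshd takes the first active (uncommented) occurrence of a keyword in sshd_config, so a leftover PermitRootLogin yes above the line you just edited silently wins. The script below reads the effective PermitRootLogin and PasswordAuthentication values from a config text and reports whether root can still authenticate with a password. The two sample configs are constructed for the demonstration and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): report the effective sshd
# settings that decide whether root can still log in with a password.
# sshd honours the FIRST active line for a keyword; later duplicates are
# ignored. Match blocks are not handled here.

# effective_value <keyword> <config-file>
# Prints the value of the first non-comment line for the keyword
# (case-insensitive), or "default" if the keyword is never set.
effective_value() {
    kw=$1; file=$2
    val=$(awk -v kw="$kw" '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        tolower($1) == tolower(kw) { print $2; exit }
    ' "$file")
    [ -n "$val" ] && printf '%s\n' "$val" || printf 'default\n'
}

# root_password_login_allowed <config-file>
# Returns 0 (true) when the config still lets root authenticate with a
# password, 1 otherwise. Assumes the OpenSSH 7.0+ compiled-in default of
# PermitRootLogin prohibit-password; "without-password" is its older alias.
root_password_login_allowed() {
    prl=$(effective_value PermitRootLogin "$1" | tr 'A-Z' 'a-z')
    pa=$(effective_value PasswordAuthentication "$1" | tr 'A-Z' 'a-z')
    case "$prl" in
        no|prohibit-password|without-password|default) return 1 ;;
    esac
    # PermitRootLogin is yes: passwords work unless PasswordAuthentication is off
    [ "$pa" != "no" ]
}

# Two constructed sample configs (not files from any real server).
BAD_CFG=$(mktemp)
cat > "$BAD_CFG" <<'EOF'
# first match wins: this line silently overrides the one further down
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin without-password
EOF

GOOD_CFG=$(mktemp)
cat > "$GOOD_CFG" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin without-password
PasswordAuthentication no
EOF
trap 'rm -f "$BAD_CFG" "$GOOD_CFG"' EXIT

for cfg in "$BAD_CFG" "$GOOD_CFG"; do
    if root_password_login_allowed "$cfg"; then
        echo "$cfg: root can still log in with a password (PermitRootLogin=$(effective_value PermitRootLogin "$cfg"))"
    else
        echo "$cfg: root password login blocked"
    fi
done
```

Run the check against the real file with effective_value PermitRootLogin /etc/ssh/sshd_config before restarting sshd. Two caveats worth knowing: the public key shown in PuTTYgen has to be in /root/.ssh/authorized_keys before the restart, otherwise you lock yourself out of root; and non-root accounts keep accepting passwords until PasswordAuthentication no is set as well. To confirm from the outside, ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no root@SERVER_IP (SERVER_IP being your own host) should now be refused.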
Summary
After switching the SSH authentication method to a key pair, your root account is at least safe from brute-force attacks. For even tighter security, I would advise you to set up a Security Group in Alibaba Cloud that whitelists only the range of IP addresses that are supposed to be allowed to access the server.