How to Secure a Linux Server


This article introduces the steps on how to secure a Linux server.
1 Keep the Linux Kernel and software updated.
2 Change password regularly.
3 Change SSH port
4 Enable the Firewall service and block unused ports.
5 Use SSH key Instead of the password to log in to the Linux server

1 Keep the Linux Kernel and software updated

An important step of securing the system is to install system patches in time. Linux provides many necessary tools and methods to ensure the update of the system, and all security updates should be implemented as soon as possible.
Centos: yum update
Ubuntu: apt-get update && apt-get upgrade

2 Change password regularly

Use a complicated password and change it regularly. About how to change password, please refer to How to change passwords for users on the Linux server.

3 Change SSH port

Please refer to How to Change the SSH Port.

4 Enable the Firewall service and block unused ports

Please enable the firewall service and configure it only to allow network traffic that you designate.

5 Use SSH key Instead of the password to log into the Linux server

Next, make these two changes:
  • Disable SSH password authentication.
  • Restrict root from logging in remotely.
Run the command "vi /etc/ssh/sshd_config" and ensure these lines:
PasswordAuthentication yes
PermitRootLogin yes
look like this:
PasswordAuthentication no
PermitRootLogin no
Restart the SSH service to enable your changes. Note that it is a good idea to have two active connections to your server before restarting the SSH server. Having that extra connection allows you to fix anything should the restart go wrong.
$ sudo service sshd restart
About how to SSH to Linux server via Public Key Authentication, please refer to the KB - How to SSH to Linux Server via Public Key Authentication.

Add Feedback