Posts Tagged ‘Linux Home Server How To’
Secure a Linux Home Server
There are plenty of reasons to set up a home server. You might use it as a media server, a file server, or even a local backup server. Basically, any files of yours that don’t need to be online are good candidates for a home server. Setting up a Linux-powered home server is relatively easy, especially these days. That said, keeping that server secure is another story altogether. Security can be as tricky, as it is important.
Only Install What You Absolutely Need
One of the easiest ways to keep your home server secure is to keep security in mind from the very beginning. This starts with installation. Are you unsure if you need an application or service? Don’t install it. You can always install it later.
If you’ve installed Linux a few times, this is even easier. Instead of sticking with the defaults, use the modes that give you the most control over installation. Sometimes these are named “expert mode” or something similar.
Carefully keeping track of install options can save you time disabling services for security reasons later.
Configure sudo
Before you move on to any other steps, you need to configure sudo. Why? Because once we’re done here, you’ll log into your server via SSH, and you won’t be able to log in as the root account. To make any further changes to your system, you’ll need to use sudo.
First, check to see if you’re already able to use sudo. From your user account, run the following with your username instead of USERNAME:
sudo -lU USERNAME
If you see a message displayed stating that your username can run “(ALL) ALL,” or something similar, you’re ready to move on.
Now, as the root account on your server, run the following to edit the “/etc/sudoers” file. If you prefer another editor, use it instead of nano.
EDITOR=nano visudo
Edit the file to include the following, with your username instead of USERNAME:
USERNAME ALL=(ALL) ALL
Configure SSH
You may already have SSH enabled on your home server. You likely do, in fact, as this is typically the way you interact with a server.
First, make sure OpenSSH is installed. If you use another distribution, your command will vary, but the package name should be fairly consistent. On Ubuntu, run the following:
sudo apt install openssh-server
Using key-based authentication is much more secure than password authentication, so we’ll set up SSH to work this way. To do this, make sure you’re working on a client you plan to connect to the server with, not the server itself. First, you want to make sure you don’t already have any SSH keys:
ls ~/.ssh/
If you see “id_rsa” and “id_rsa.pub” among the filenames listed, you already have SSH keys. Skip this next step.
ssh-keygen -t rsa -b 4096 -C "youremail@domain.com"
Now you’ll copy the SSH key to your server:
ssh-copy-id USERNAME@SERVER
For a home server, you may likely be using an IP address for your server instead of a name. If you don’t know your server name, use your IP address instead of SERVER above.
Now we’ll edit your SSH settings to secure them more. Log into your server from the client on which you created the keys. This will enable you to log in again after this step.Run the following, replacing nano with the editor of your choice.
sudo nano /etc/ssh/sshd_config
Edit the file and with the following settings. These will be located in various places in the file. Make sure there are no duplicates, as only the first instance of a setting will be followed.
ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no PermitRootLogin no
Now you need to restart the SSH server with one of the following commands.
On Ubuntu, run:
sudo systemctl restart ssh Read More
Best Linux For Home Web Server, Best Linux Home Server Os, Best Linux Home Server Software, Linux Home Cloud Server, Linux Home Server Distro, Linux Home Server How To, Linux Home Server Setup, Linux Home Server Ubuntu