Archive

Articles taggués ‘RSA’

Securing your server with iptables

23/12/2015 Comments off

Securing your server with iptables

securing your server linuxIn the Getting Started guide, you learned how to deploy a Linux distribution, boot your Linode and perform some basic administrative tasks. Now it’s time to harden your Linode to protect it from unauthorized access.

Update Your System–Frequently

Keeping your software up to date is the single biggest security precaution you can take for any operating system–be it desktop, mobile or server. Software updates frequently contain patches ranging from critical vulnerabilities to minor bug fixes, and many software vulnerabilities are actually patched by the time they become public.

Automatic Security Updates

There are opposing arguments for and against automatic updates on servers. Nonetheless, CentOS, Debian, Fedora and Ubuntu can be automatically updated to various extents. Fedora’s Wiki has a good breakdown of the pros and cons, but if you limit updates to those for security issues, the risk of using automatic updates will be minimal.

The practicality of automatic updates must be something which you judge for yourself because it comes down to what you do with your Linode. Bear in mind that automatic updates apply only to packages sourced from repositories, not self-compiled applications. You may find it worthwhile to have a test environment which replicates your production server. Updates can be applied there and reviewed for issues before being applied to the live environment.

Add a Limited User Account

Up to this point, you have accessing your Linode as the root user. The concern here is that roothas unlimited privileges and can execute any command–even one that could accidentally break your server. For this reason and others, we recommend creating a limited user account and using that at all times. Administrative tasks will be done using sudo to temporarily elevate your limited user’s privileges so you can administer your server without logging in as root.

To add a new user, log in to your Linode via SSH.

CentOS / Fedora

  1. Create the user, replacing example_user with your desired username, and assign a password:
    useradd example_user && passwd example_user
  2. Add the user to the wheel group for sudo privileges:
    usermod -aG wheel example_user

Debian / Ubuntu

  1. Create the user, replacing example_user with your desired username. You’ll then be asked to assign the user a password.
    adduser example_user
  2. Add the user to the sudo group so you’ll have administrative privileges:
    adduser example_user sudo

With your new user assigned, disconnect from your Linode as root:

exit

Log back in to your Linode as your new user. Replace example_user with your username, and the example IP address with your Linode’s IP address:

ssh example_user@203.0.113.0

Now you can administer your Linode from your new user account instead of root. Superuser commands can now be prefaced with sudo; for example, sudo iptables -L. Nearly all superuser commands can be executed with sudo, and those commands will be logged to /var/log/auth.log.

Lire la suite…

How to Use RSA Key for SSH Authentication

28/01/2014 Comments off

If your daily activity requires loging in a lot of Linux systems through SSH, you will be happy to know (if you don’t already) that there’s a way to allow secure, authenticated remote access, file transfer, and command execution without having to remember passwords for each individual host you connect.

The $HOME/.ssh/authorized_keys file contains the RSA keys allowed for RSA authentication. Each line contains one key, which consists of the following fields: options, bits, exponent, modulus and comment. The first field is optional, bits, exponent and modulus fields give the RSA key and the last field isn’t used at all in the authentication process, but it will be somewhat convenient to the user, for instance to know which key is for which machine.

Before we start, make sure your computer has a ssh client installed and the remote Linux system has ssh installed and sshd running, with RSA authentication enabled (RSAAuthentication yes in /etc/ssh/sshd_config).

Lire la suite…

Categories: Réseau, Système Tags: , , ,

Using Rsync and SSH

09/01/2014 Comments off

Source: troy.jdmz.net

Keys, Validating, and Automation

This document covers using cron, ssh, and rsync to backup files over a local network or the Internet. Part of my goal is to ensure no user intervention is required when the computer is restarted (for passwords, keys, or key managers).
I like to backup some logging, mail, and configuration information sometimes on hosts across the network and Internet, and here is a way I have found to do it. You’ll need these packages installed:
  • rsync
  • openssh
  • cron (or vixie-cron)

Please note these instructions may be specific to Red Hat Linux versions 7.3, 9, and Fedora Core 3, but I hope they won’t be too hard to adapt to almost any *NIX type OS. The man pages for ‘ssh’ and ‘rsync’ should be helpful to you if you need to change some things (use the « man ssh » and « man rsync » commands). Lire la suite…

Categories: Système Tags: , , , ,