When setting up a Linux system, security is supposed to be an important part of all the stages. A good knowledge of the fundamentals of Linux is essential to implement a good security policy on the machine.
In this article by Tajinder Pal Singh Kalsi, author of the book, Practical Linux Security Cookbook, we will discuss the following topics:
SSH or Secure Shell is a protocol which is used to log onto remote systems securely and is the most used method for accessing remote Linux systems.
To see how to use SSH, we need two Ubuntu systems. One will be used as the server and the other as the client.
To use SSH we can use freely available software called OpenSSH. Once the software is installed, it can be used through the ssh command on the Linux system. We will see how to use this tool in detail.
sudo apt-get install openssh-server
sudo apt-get install openssh-client
sudo service ssh start
ssh remote_ip_address
Here remote_ip_address refers to the IP address of the server system. Also this command assumes that the username on the client machine is the same as that on the server machine:
ssh remote_ip_address
If we want to log in as a different user, the command will be as follows:
ssh username@remote_ip_address
sudo cp /etc/ssh/sshd_config{,.bak}
ssh -p port_number remote_ip_address
As we can see, when we run the command without specifying the port number, the connection is refused. Next, when we specify the correct port number, the connection is established.
SSH is used to connect a client program to an SSH server. On one system we install the openssh-server package to make it the SSH server, and on the other system we install the openssh-client package to use it as the client.
Now, keeping the SSH service running on the server system, we try to connect to it through the client.
We use the SSH configuration file to change settings such as the default port for connecting.
Linux systems have a root account by default, and it is enabled by default. If unauthorized users get SSH root access on the system, this gives an attacker access to the complete system.
We can disable or enable root login for SSH as required, to reduce the chances of an attacker getting access to the system.
We need 2 Linux systems to be used as server and client. On the server system, install the package openssh-server, as shown in the preceding recipe.
First we will see how to disable SSH root login, and then we will see how to enable it again.
sudo nano /etc/ssh/sshd_config
PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes
When we try to connect to a remote system using SSH, the remote system checks its configuration file at /etc/ssh/sshd_config and, according to the details mentioned in this file, decides whether the connection should be allowed or refused.
When we change the value of PermitRootLogin, the behavior changes accordingly.
Suppose we have many user accounts on the system. We then need to edit the /etc/ssh/sshd_config file so that remote access is allowed only for a few specified users.
sudo nano /etc/ssh/sshd_config
Add the line:
AllowUsers tajinder user1
Now restart the ssh service:
sudo service ssh restart
Now when we try to log in as user1, the login is successful. However, when we try to log in as user2, which is not listed in the /etc/ssh/sshd_config file, the login fails and we get the error Permission denied.
Even though SSH login is protected by the password of the user account, we can make it more secure by using key-based authentication for SSH.
To see how key-based authentication works, we need two Linux systems (in our example, both are Ubuntu systems). One should have the OpenSSH server package installed on it.
To use key-based authentication, we need to create a pair of keys—a private key and a public key.
ssh-keygen -t rsa
ssh-copy-id 192.168.1.101
We can see that we are no longer prompted for the user account's password. Since we configured a passphrase for the SSH key, we are asked for that instead. Otherwise, we would have been logged into the system without being asked for a password.
When we create the SSH key pair and move the public key to the remote system, it works as an authentication method for connecting to the remote system. If the public key present in the remote system matches the public key generated by the local system and also the local system has the private key to complete the key-pair, the login happens. Otherwise, if any key file is missing, login is not allowed.
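The sshd_config changes from the recipes above (Port, PermitRootLogin, AllowUsers) can be checked with a short script before the service is restarted. This is an added example, not code from the book; the sample file, port 2222 and the backup user in the Match block are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the sshd_config keywords edited in the recipes.
# Keywords are case-insensitive and the first uncommented occurrence wins;
# lines after the first Match line are conditional, not global.

# effective_value FILE KEYWORD: print the global value, or nothing if unset
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE: print one finding per line, return the number of warnings
audit_sshd() {
    warnings=0
    root=$(effective_value "$1" PermitRootLogin)
    users=$(effective_value "$1" AllowUsers)
    port=$(effective_value "$1" Port)
    case "$root" in
        no) echo "OK   PermitRootLogin no" ;;
        *)  echo "WARN PermitRootLogin is '${root:-unset}', the recipe sets no"
            warnings=$((warnings + 1)) ;;
    esac
    if [ -n "$users" ]; then
        echo "OK   AllowUsers $users"
    else
        echo "WARN AllowUsers unset, login is not restricted to named users"
        warnings=$((warnings + 1))
    fi
    echo "INFO Port ${port:-unset}"
    return "$warnings"
}

# Constructed sample: a later duplicate keyword and a Match block override
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Port 22
Port 2222
PermitRootLogin no
permitrootlogin yes
AllowUsers tajinder user1
Match User backup
    PermitRootLogin yes
EOF
audit_sshd "$sample" || echo "$? warning(s)"
```

On a live server, `sshd -t` checks the file for syntax errors before a restart, and `sshd -T` prints the configuration sshd will actually use, including files pulled in by Include, which this script does not follow.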
Linux security is a massive subject and everything cannot be covered in just one article. Still, Practical Linux Security Cookbook will give you a lot of recipes for securing your machine. It can be referred to as a practical guide for the administrators and help them configure a more secure machine.