What are some tips for my node's server security?
Introduction
During the course of being a Linux admin, some tips for securing your server comes to mind.
Below we share some of our tips that we have learned over time.
Tip 1 - Secure your SSH login with Public/Private Keys
We recommend you look at this YouTube tutorial to cover this common practice of securing your server with SSH using public and private key pairs. This video also helps show how to use the popular PUTTY utility to do most of the hard work for you.
Tip 2 - Change your SSH port from 22 to another figure
This is a parameter that can be changed in the sshd_config of your node server.
IMPORTANT: remember to change your ufw firewall rules or you will be locked out
Tip 3 - Disable root access
This is another common used parameter while administering your node's server.
Disable ssh root access in the sshd_config file:
PermitRootLogin no
Be careful exercising this parameter. Make sure you do not lock yourself out. Make sure you have another sudo enabled user on your system to get access to the server once root login has been disabled!
Tip 4 - Remove Password Authentication Method
Use the private/public key ssh authentication method mentioned above. In your ssh_config file edit these parameters:
PasswordAuthentication no
ChallengeResponseAuthentication no
Tip 5 - Don't Allow Empty Passwords (*optional)
In your ssh_config file edit this parameter:
PermitEmptyPasswords no
Totally optional - this is just to allow our node server to reject potential attempts to log in to our server with empty passwords. Reduces any minimal impact on server load if a persistent DOS attack is undergoing. This is so small an effect on server performance you could totally ignore changing this parameter though.
Tip 6 - Set Maximum Authentication Retries
In your ssh_config file edit this parameter:
MaxAuthTries 3
Totally optional - we use 3 but you can leave it at 5 which is the usual default
Tip 7 - Set Maximum Sessions (*optional)
In your ssh_config file edit this parameter:
MaxSessions 2
Totally optional - this can be left at its default setting. However, we like to minimize active sessions to harden our node's security and performance.
Tip 8 - Install and Configure Fail2ban (*optional)
In this tip idea we suggest you follow this video tutorial (about 12 minutes in length) as a guide to harden your server's security.
Fail2Ban helps to protect servers against unauthorized access attempts and brute-force attacks. This tutorial shows you how to install and configure Fail2ban to secure your server.
Tip 9 - Build your Firewall Policy
UFW is a firewall wrapper service on Linux. This a further layer of security that can be added to your node. The following video is a guide to the general administration of this extra layer.
We also recommend you follow Damien Ostrelich's tutorial on setting up your node on this topic:
And revisited in another, but subsequent video to the one above, in this video tutorial:
Links used in this answer:
- Video on Securing SSH with Public and Private RSA Keys Using Putty: https://www.youtube.com/watch?v=vj29uVUX1Ys&list=PLrY3bhudbxYF9dCI-xC10UiWqONXqGSpB&index=3&t=6s
- Fail2ban video tutorial: https://www.youtube.com/watch?v=kgdoVeyoO2E
- Configuring Firewall rules with UFW video tutorial: https://www.youtube.com/watch?v=kugZ_HgeiqI
-
Building a Cardano Stake Pool from Scratch Tutorial (by Garden [EDEN] Pool): https://www.youtube.com/watch?v=7zflUC9oXao&t=836s
-
Basic Cardano Stake Pool Security by Garden [EDEN] Pool: https://www.youtube.com/watch?v=tCfZOOOY9fU&t=108s
- How do I improve my OpenSSH security on my node? https://cutt.ly/ekdK4BP
This answer was published on 03 February 2021
Shortcut link to this page:
https://cutt.ly/zkgM0ET
No Comments