What are some tips for my node's server security?


During the course of being a Linux admin, some tips for securing your server comes to mind.
Below we share some of our tips that we have learned over time.

Tip 1 - Secure your SSH login with Public/Private Keys

We recommend you look at this YouTube tutorial to cover this common practice of securing your server with SSH using public and private key pairs. This video also helps show how to use the popular PUTTY utility to do most of the hard work for you.

Tip 2 - Change your SSH port from 22 to another figure

This is a parameter that can be changed in the sshd_config of your node server.
IMPORTANT: remember to change your ufw firewall rules or you will be locked out

Tip 3 - Disable root access

This is another common used parameter while administering your node's server.
Disable ssh root access in the sshd_config file:

PermitRootLogin no

Be careful exercising this parameter. Make sure you do not lock yourself out. Make sure you have another sudo enabled user on your system to get access to the server once root login has been disabled!

Tip 4 - Remove Password Authentication Method

Use the private/public key ssh authentication method mentioned above. In your ssh_config file edit these parameters:

PasswordAuthentication no

ChallengeResponseAuthentication no

Tip 5 - Don't Allow Empty Passwords (*optional)

In your ssh_config file edit this parameter:

PermitEmptyPasswords no

Totally optional - this is just to allow our node server to reject potential attempts to log in to our server with empty passwords. Reduces any minimal impact on server load if a persistent DOS attack is undergoing. This is so small an effect on server performance you could totally ignore changing this parameter though.

Tip 6 - Set Maximum Authentication Retries

In your ssh_config file edit this parameter:

MaxAuthTries 3

Totally optional - we use 3 but you can leave it at 5 which is the usual default

Tip 7 - Set Maximum Sessions (*optional)

In your ssh_config file edit this parameter:

MaxSessions 2

Totally optional - this can be left at its default setting. However, we like to minimize active sessions to harden our node's security and performance.

Tip 8 - Install and Configure Fail2ban (*optional)

In this tip idea we suggest you follow this video tutorial (about 12 minutes in length) as a guide to harden your server's security.

Fail2Ban helps to protect servers against unauthorized access attempts and brute-force attacks. This tutorial shows you how to install and configure Fail2ban to secure your server.

Tip 9 - Build your Firewall Policy

UFW is a firewall wrapper service on Linux. This a further layer of security that can be added to your node. The following video is a guide to the general administration of this extra layer.

We also recommend you follow Damien Ostrelich's tutorial on setting up your node on this topic:

And revisited in another, but subsequent video to the one above, in this video tutorial:


This answer was published on 03 February 2021