# Node security

{% hint style="warning" %}
Always back up your server before making changes in case anything goes wrong!
{% endhint %}

<mark style="color:yellow;">**A) SSH Keys**</mark>: <https://geordie-r.medium.com/coti-node-hardening-guide-part-1-53663af71abf> (Make sure to complete the step in which you copy your SSH key to the other Ubuntu username you created during setup - this will be necessary to disable root login later.)

<mark style="color:yellow;">**B) Change SSH Port**</mark>: <https://geordie-r.medium.com/coti-node-hardening-guide-part-2-78169c6d064f>

On Ubuntu 24.04, SSH is socket-activated, so use these commands to apply the new port:

```
systemctl daemon-reload
systemctl restart ssh.socket
```

<mark style="color:yellow;">**C) Ubuntu Pro and Livepatch:**</mark> <https://coti.nebula-tech.io/knowledgebase/ubuntu-pro>

<mark style="color:yellow;">**D) Fail2ban**</mark>: <https://geordie-r.medium.com/coti-node-hardening-guide-part-3-badaae9e1d77> (Ubuntu Pro has already been activated if you followed the instructions in C)

<mark style="color:yellow;">**E)**</mark> <mark style="color:yellow;">**Disable root login**</mark>:

1.) Log in with root access (username: root)

2.) Set a password for the Ubuntu user you created during setup. (If you are unsure, create a new user with the instructions at the bottom of the page and then continue with step 3.) Replace USERNAME with the actual username. Hit Enter, type in the password and hit Enter again. From now on you need to enter this password whenever you run a command that needs root access.

```
passwd USERNAME
```

3.) Type in:

```
sudo nano /etc/ssh/sshd_config
```

4.) Look for "PermitRootLogin" (CTRL+W - type in PermitRootLogin - Enter). Then change yes to no.

<div align="left"><figure><img src="https://1669873050-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbb9VxoqAgZO2p5RjTuh9%2Fuploads%2F9sB8gGJpH80WegSDsFbh%2Fimage.png?alt=media&#x26;token=86e2e5c7-d764-4ddb-9757-59e77c22f4d3" alt=""><figcaption></figcaption></figure></div>

5.) Save (CTRL+X), y, Enter

6.) Restart the SSH service. On Ubuntu the unit is named `ssh`; the `sshd` alias can be missing on 24.04, so use the unit name:

```
sudo systemctl restart ssh
```

7.) Check that root access works with your other username. Switch to your other user (replace USERNAME with the actual username):

```
su - USERNAME
```

8.) Verify that this user has superuser privileges:

```
sudo ls -la /root
```

If this worked, continue with step 9. If this didn't work, add your new user to the sudo group to get superuser privileges (replace USERNAME with the actual username).

```
usermod -aG sudo USERNAME
```

9.) Root login is no longer possible. You need to log in with your username, and once logged in you need to enter your password whenever you want root access.
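
The edit in step 4 only takes effect if the line you changed is the one sshd actually applies. The check below is an added example, not part of the original guide or the scripts it links to; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): confirm what sshd will
# actually apply for PermitRootLogin before restarting SSH in step 6.

# Print the effective global value of KEYWORD in sshd config FILE.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, '#' lines are comments, and settings after a Match
# line are conditional. Simplification: Include files are not followed.
effective_sshd_value() {
    kw=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    awk -v kw="$kw" -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }            # drop leading indentation
        /^#/ || NF == 0  { next }         # skip comments and blank lines
        tolower($1) == "match" { exit }   # stop at conditional blocks
        tolower($1) == kw { print tolower($2); exit }
    ' "$2"
}

# Succeed only if root login is explicitly and effectively set to "no".
# An unset or commented-out keyword fails the check: the OpenSSH default
# is prohibit-password, which still lets root log in with an SSH key.
root_login_disabled() {
    [ "$(effective_sshd_value PermitRootLogin "$1")" = "no" ]
}

# Constructed sample: the commented line is ignored and the first active
# line wins, so the later "no" has no effect.
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
PermitRootLogin no
EOF

if root_login_disabled "$SAMPLE_CONFIG"; then
    echo "root login disabled"
else
    echo "root login still allowed: $(effective_sshd_value PermitRootLogin "$SAMPLE_CONFIG")"
fi
rm -f "$SAMPLE_CONFIG"
```

On the server itself, `sudo sshd -t` checks the file for syntax errors before you restart, and `sudo sshd -T` prints the configuration sshd will really use, including files pulled in by `Include`.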

\-------------------------------------------------------------------------------

<mark style="color:yellow;">**If the above steps didn't work**</mark> you can also <mark style="color:yellow;">**create a new user**</mark> and add it to the sudo group.

1.) Log in with root access (user: root)

2.) After typing this in, follow the instructions (you can also just press Enter), replace USERNAME with your preferred username:

```
sudo adduser USERNAME
```

3.) Add your new user to the sudo group to get superuser privileges (replace USERNAME with the actual username):

```
usermod -aG sudo USERNAME
```

4.) Copy the SSH keys to your new username by copying and pasting the whole code below. When asked, type in the new username you have just created:

```
sudo wget https://raw.githubusercontent.com/Geordie-R/CopyRootSSH/master/copyrootssh.sh && sudo chmod +x copyrootssh.sh && sudo ./copyrootssh.sh && sudo rm copyrootssh.sh
```

5.) Then continue with step 2 (set a password for the new username) from the instructions above.
