# Node security

{% hint style="warning" %}
Always back up your server before making changes in case anything goes wrong!
{% endhint %}

<mark style="color:yellow;">**A) SSH Keys**</mark>: <https://geordie-r.medium.com/coti-node-hardening-guide-part-1-53663af71abf> (Make sure to complete the step in which you copy your SSH key to the other Ubuntu username you created during setup - this will be necessary to disable root login later.)

<mark style="color:yellow;">**B) Change SSH Port**</mark>: <https://geordie-r.medium.com/coti-node-hardening-guide-part-2-78169c6d064f>

On Ubuntu 24.04, use these commands to restart the SSH service so that the new port takes effect:

```
systemctl daemon-reload
systemctl restart ssh.socket
```

<mark style="color:yellow;">**C) Ubuntu Pro and Livepatch:**</mark> <https://coti.nebula-tech.io/knowledgebase/ubuntu-pro>

<mark style="color:yellow;">**D) Fail2ban**</mark>: <https://geordie-r.medium.com/coti-node-hardening-guide-part-3-badaae9e1d77> (Ubuntu Pro has already been activated if you followed the instructions in C.)

<mark style="color:yellow;">**E)**</mark> <mark style="color:yellow;">**Disable root login**</mark>:

1.) Log in with root access (username: root)

2.) Set a password for the Ubuntu user you created during setup. (If you are unsure, create a new user with the instructions at the bottom of the page and then continue with step 3.) Replace USERNAME with the actual username. Hit Enter, type in the password and hit Enter again. From now on you need to enter this password whenever you run a command that needs root access.

```
passwd USERNAME
```

3.) Type in:

```
sudo nano /etc/ssh/sshd_config
```

4.) Look for "PermitRootLogin" (CTRL+W - type in PermitRootLogin - Enter). Then change yes to no.

<div align="left"><figure><img src="/files/6F6Bwj5Y7e3QEx320JCI" alt=""><figcaption></figcaption></figure></div>

5.) Save (CTRL+X), y, Enter

6.) Restart the SSH service (on Ubuntu the systemd unit is named `ssh`):

```
sudo systemctl restart ssh
```

7.) Check that root access works with your other username. First switch to that user (replace USERNAME with the actual username):

```
su - USERNAME
```

8.) Verify that this user has superuser privileges:

```
sudo ls -la /root
```

If this worked, continue with step 9. If this didn't work, add your new user to the sudo group to get superuser privileges (replace USERNAME with the actual username).

```
usermod -aG sudo USERNAME
```

9.) Root login is now no longer possible. You need to log in with your username, and once logged in you need to enter your password whenever you want root access.
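
Step 4 can fail silently, which the following added example (not part of the original guide) illustrates: sshd uses the first `PermitRootLogin` value it reads, so a line left commented out, or a `yes` in a file read earlier (stock Ubuntu includes `/etc/ssh/sshd_config.d/*.conf` at the top of `sshd_config`), keeps root login enabled. The function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Prints the global PermitRootLogin value that sshd would take from the
# config text on stdin. Rules modelled: keywords are case-insensitive,
# "Key=value" is allowed, the first value read wins, and anything after a
# "Match" line is conditional. Include files are NOT followed (assumption:
# the caller feeds them in the order sshd reads them).
effective_permit_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        { sub(/=/, " "); key = tolower($1) } # accept "Key=value" too
        key == "match" { exit }              # global section ends here
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }  # OpenSSH default
    '
}

# Succeeds only when root login over SSH is fully disabled.
root_login_disabled() {
    [ "$(effective_permit_root_login)" = "no" ]
}

# Constructed samples of the mistakes that leave root login enabled.
sample_ok='Port 22
PermitRootLogin no'
sample_commented='#PermitRootLogin no
PasswordAuthentication yes'
sample_dropin_first='PermitRootLogin yes
# ... main file, read after the drop-in ...
PermitRootLogin no'
sample_match_only='Match User backup
    PermitRootLogin no'

for name in ok commented dropin_first match_only; do
    eval "cfg=\$sample_$name"
    printf '%-14s -> %s\n' "$name" \
        "$(printf '%s\n' "$cfg" | effective_permit_root_login)"
done
```

On the server itself, `sudo sshd -T | grep -i permitrootlogin` prints the value sshd actually uses, with Include files taken into account.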

---

<mark style="color:yellow;">**If the above steps didn't work**</mark> you can also <mark style="color:yellow;">**create a new user**</mark> and add it to the sudo group.

1.) Log in with root access (user: root)

2.) After typing this in, follow the instructions (you can also just press Enter), replace USERNAME with your preferred username:

```
sudo adduser USERNAME
```

3.) Add your new user to the sudo group to get superuser privileges (replace USERNAME with the actual username):

```
usermod -aG sudo USERNAME
```

4.) Copy the SSH keys to your new username by copying and pasting the whole code below. When asked, type in the new username you have just created:

```
sudo wget https://raw.githubusercontent.com/Geordie-R/CopyRootSSH/master/copyrootssh.sh && sudo chmod +x copyrootssh.sh && sudo ./copyrootssh.sh && sudo rm copyrootssh.sh
```

5.) Then continue with step 2 (set password for new username) from the instructions above.


