Node security

Always back up your server before making changes in case anything goes wrong!

A) SSH Keys: https://geordie-r.medium.com/coti-node-hardening-guide-part-1-53663af71abf (Make sure to complete the step in which you copy your SSH key to the other Ubuntu username you created during setup - this will be necessary to disable root login later.)

B) Change SSH Port: https://geordie-r.medium.com/coti-node-hardening-guide-part-2-78169c6d064f

C) Ubuntu Pro and Livepatch: https://coti.nebula-tech.io/knowledgebase/ubuntu-pro

D) Fail2ban: https://geordie-r.medium.com/coti-node-hardening-guide-part-3-badaae9e1d77 (Ubuntu Pro has already been activated if you followed the instructions in C.)

E) Disable root login:

1.) Log in with root access (username: root)

2.) Set a password for the Ubuntu user you created during setup. (If you are unsure, create a new user with the instructions at the bottom of the page and then continue with step 3.) Replace USERNAME with the actual username. Hit Enter, type in the password and hit Enter again. From now on you need to enter this password whenever you run a command that needs root access.

passwd USERNAME

3.) Type in:

sudo nano /etc/ssh/sshd_config

4.) Look for "PermitRootLogin" (CTRL+W - type in PermitRootLogin - Enter). Then change yes to no.

5.) Save (CTRL+X), y, Enter

6.) Restart the sshd service:

sudo systemctl restart sshd

7.) Check if root access with your other user name works. Switch to your other user. (Replace USERNAME with the actual username).

su - USERNAME

8.) Verify that this user has superuser privileges:

sudo ls -la /root

If this worked, continue with step 9. If this didn't work, add your new user to the sudo group to get superuser privileges (replace USERNAME with the actual username).

usermod -aG sudo USERNAME

9.) Root login is now no longer possible. You need to log in with your username, and once logged in you need to enter your password whenever you want root access.
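
A check to run before closing the root session from step 1, added here as an example (it is not part of the original guide or of the linked scripts). It resolves which PermitRootLogin value sshd actually uses and confirms that USERNAME has sudo and an SSH key. The function names are hypothetical, and it assumes the drop-in directory /etc/ssh/sshd_config.d/ is included at the top of sshd_config, as on recent Ubuntu releases.

```shell
#!/bin/sh
# Added example (not from the original guide). Run as root while the session
# from step 1 is still open:  sh check_root_lockout.sh USERNAME

# Print the PermitRootLogin value sshd takes from the given files, read in
# order. sshd keeps the FIRST value it sees for a keyword, ignores commented
# lines and matches keywords case-insensitively. Simplification: lines inside
# a "Match" block are skipped. The fallback is OpenSSH's built-in default.
effective_permit_root_login() {
    awk '
        FNR == 1                          { in_match = 0 }
        /^[ \t]*#/ || /^[ \t]*$/          { next }
        tolower($1) == "match"            { in_match = 1 }
        in_match                          { next }
        tolower($1) == "permitrootlogin"  { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }
    ' "$@"
}

# Succeed only if the user can still get in and escalate once root is locked
# out: member of the sudo group and a non-empty authorized_keys file.
user_can_take_over() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx sudo || return 1
    [ -s "$(getent passwd "$1" | cut -d: -f6)/.ssh/authorized_keys" ]
}

if [ -n "${1:-}" ]; then
    user="$1"
    # Assumption: drop-ins are included at the top of sshd_config, so a
    # drop-in file can win over the line edited in step 4.
    set --
    for f in /etc/ssh/sshd_config.d/*.conf /etc/ssh/sshd_config; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    sshd -t || { echo "sshd_config has errors, do not restart sshd"; exit 1; }
    value=$(effective_permit_root_login "$@")
    echo "PermitRootLogin resolves to: $value"
    [ "$value" = "no" ] || echo "WARNING: root login is not fully disabled"
    user_can_take_over "$user" || { echo "STOP: $user lacks sudo or SSH keys"; exit 1; }
    echo "OK: test a fresh login as $user before closing the root session"
fi
```

Keep the root session open until a second terminal has logged in as USERNAME and run a sudo command successfully.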

-------------------------------------------------------------------------------

If the above steps didn't work you can also create a new user and add it to the sudo group.

1.) Log in with root access (user: root)

2.) After typing this in, follow the instructions (you can also just press Enter), replace USERNAME with your preferred username:

sudo adduser USERNAME

3.) Add your new user to the sudo group to get superuser privileges (replace USERNAME with the actual username):

usermod -aG sudo USERNAME

4.) Copy the SSH keys to your new username by copying and pasting the whole code below. When asked, type in the new username you have just created:

sudo wget https://raw.githubusercontent.com/Geordie-R/CopyRootSSH/master/copyrootssh.sh && sudo chmod +x copyrootssh.sh && sudo ./copyrootssh.sh && sudo rm copyrootssh.sh

5.) Then continue with step 2 (set password for new username) from the instructions above
