The first level of security for your server is to ensure that your username and password are well chosen, so that they cannot be easily guessed.
Choice of servers
Do not use FTP
FTP does not encrypt any information. Your username, password, files, etc. are sent in the clear during a session, which means they can be intercepted by anyone 'listening' on the network.
By only allowing access to your server via SSH, you ensure that you are only sending encrypted data. SSH also helps prevent brute force attacks, because it forces you to wait 5 seconds after a failed password attempt.
Therefore, prefer sftp or scp over ftp if you are comfortable with a more technical environment and if security is of high importance.
Limit access to root via sudoers (experts only)
This may not be applicable to your distribution. Please check your distribution's documentation before proceeding. See also: man sudoers for the full documentation.
You can use the /etc/sudoers file to control which users have the right to gain root privileges: first set up a specific user or users with sudo access to root, then lock the root account with the command:
sudo passwd -l root
Securing PermitRootLogin (experts only)
This may not be applicable to your distribution. Please check with your distribution documentation before proceeding.
Changing the value
To prevent the public from being able to log in directly as root on your machine, you can change a setting in the SSH configuration file so that you must first log in as an ordinary user and then switch to root using su. The advantage of this approach is that an attacker needs to know at least two passwords to gain control of the machine.
The SSH configuration file is found here:
In this file, change the value of PermitRootLogin from 'yes' to 'no' and then restart the SSH server. If you are using a terminal interface, switch to 'root' and type:
New logging in procedure for "root"
If PermitRootLogin is set to "no", or is not declared at all (as is the default in some distributions), then in order to become root you will need to type the following once you are connected:
In order to have root access, however, you will obviously still need to know the root password.
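The two hardening steps above, locking the root account via sudo and setting PermitRootLogin to "no", can be verified with a small audit script. The following is an added example, not part of the original page; it assumes the standard sshd_config keyword rules (first occurrence of a keyword wins, Match blocks ignored) and the /etc/shadow convention that passwd -l prefixes the password field with "!". It runs against constructed sample files so it can be tried without touching a live system.

```shell
#!/bin/sh
# Added audit helper, not part of the original page: checks the effective
# PermitRootLogin value in an sshd_config and whether root is locked in a shadow
# file (passwd -l prefixes the password field with "!"). Paths are arguments so
# it runs on constructed samples; on a real host use /etc/ssh/sshd_config and
# /etc/shadow (the latter is readable only as root).

# sshd uses the first occurrence of a keyword; "#PermitRootLogin" does not match.
# Match blocks are not handled here. Prints "unset" if the directive is absent.
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# "locked" if root's password field starts with "!" or "*", else "unlocked";
# "missing" if there is no root entry.
root_is_locked() {
    awk -F: '$1 == "root" { r = ($2 ~ /^[!*]/) ? "locked" : "unlocked"; print r; found = 1; exit }
             END { if (!found) print "missing" }' "$1"
}

# Prints one line per check; returns the number of findings (0 = both hardened).
audit_root_access() {
    findings=0
    prl=$(permit_root_login "$1")
    case "$prl" in
        no)    echo "PermitRootLogin: no (ok)" ;;
        unset) echo "PermitRootLogin: not declared, distribution default applies (verify)"; findings=1 ;;
        *)     echo "PermitRootLogin: $prl (should be no)"; findings=1 ;;
    esac
    lock=$(root_is_locked "$2")
    if [ "$lock" = "locked" ]; then
        echo "root account: locked (ok)"
    else
        echo "root account: $lock (lock it with: sudo passwd -l root)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed samples standing in for /etc/ssh/sshd_config and /etc/shadow.
SAMPLE_DIR=$(mktemp -d)
printf 'Port 22\nPermitRootLogin yes\n' > "$SAMPLE_DIR/sshd_config.weak"
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$SAMPLE_DIR/sshd_config.hard"
printf 'root:!$6$constructed$notarealhash:19000:0:99999:7:::\n' > "$SAMPLE_DIR/shadow.locked"
printf 'root:$6$constructed$notarealhash:19000:0:99999:7:::\n' > "$SAMPLE_DIR/shadow.open"

audit_root_access "$SAMPLE_DIR/sshd_config.weak" "$SAMPLE_DIR/shadow.open" || true
```

Run as root against the real files to get the same two-line report for your own host; a non-zero exit status means at least one of the two settings still needs attention.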