need help with server security
dinob
need help with server security
Someone recently tried to log into my server but failed. However, I want to set up SSH keys to make sure that my server is secured, instead of using the username root and then a password.
Jul 23 00:19:08 server1 useradd[20549]: failed adding user 'mailnull', data deleted
Jul 23 00:37:00 server1 atd[19236]: pam_unix(atd:session): session opened for user root by (uid=0)
Jul 23 00:37:16 server1 atd[19236]: pam_unix(atd:session): session closed for user root
Jul 24 00:35:00 server1 atd[28112]: pam_unix(atd:session): session opened for user root by (uid=0)
Jul 24 00:35:21 server1 atd[28112]: pam_unix(atd:session): session closed for user root
Jul 25 00:35:00 server1 atd[7868]: pam_unix(atd:session): session opened for user root by (uid=0)
Jul 25 00:35:22 server1 atd[7868]: pam_unix(atd:session): session closed for user root
That was recently a hacking attempt, but even though my password is strong, having keys would secure it for sure. However, I have tried to set up keys on my past servers and failed to do so...
I need help setting up SSH Keys!
Re: need help with server security
Do you use a VDS? If so, make 2 firewall rules using the firewall tab in your control panel.
Rule 1:
Accept all packets from these IPs:
Add your IP address to this list.
Rule 2:
Block all packets on port 22.
These rules will block any IP other than yours from logging into SSH, even if they have your root password (still keep it very secure!).
Not a NFO employee
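The two-rule setup above depends on rule order and on rule 2 naming the port sshd really listens on (a later post in this thread reports a move to port 50687). The following is an added example, not part of the original post and not NFO's firewall code: a small model that assumes first-match evaluation with a default of accept, which the thread does not state; `Rule`, `decide`, `two_rules`, `report`, the addresses and port 27015 are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                      # "accept" or "block"
    sources: Optional[list] = None   # CIDR strings; None matches any source
    port: Optional[int] = None       # None matches any destination port

    def matches(self, src, port):
        if self.port is not None and self.port != port:
            return False
        if self.sources is None:
            return True
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(net) for net in self.sources)

def decide(rules, src, port, default="accept"):
    """Action of the first rule that matches (assumed first-match semantics)."""
    for rule in rules:
        if rule.matches(src, port):
            return rule.action
    return default

# Constructed addresses from the documentation ranges (RFC 5737).
HOME_IP = "203.0.113.10"
STRANGER = "198.51.100.77"

def two_rules(blocked_port=22):
    """Rule 1: accept everything from the home IP. Rule 2: block one port."""
    return [Rule("accept", sources=[HOME_IP + "/32"]),
            Rule("block", port=blocked_port)]

def report(rules, ssh_port):
    """What happens to three representative connections."""
    return {
        "home->ssh": decide(rules, HOME_IP, ssh_port),
        "stranger->ssh": decide(rules, STRANGER, ssh_port),
        "stranger->other": decide(rules, STRANGER, 27015),  # constructed service port
    }

if __name__ == "__main__":
    print("sshd on 22, rule blocks 22:      ", report(two_rules(22), 22))
    # sshd moved to 50687 while rule 2 still names 22: SSH is open to everyone.
    print("sshd on 50687, rule blocks 22:   ", report(two_rules(22), 50687))
    print("sshd on 50687, rule blocks 50687:", report(two_rules(50687), 50687))
    # Swapping the two rules locks the owner out as well.
    print("reversed order, home->ssh:       ",
          decide(list(reversed(two_rules(22))), HOME_IP, 22))
```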
Re: need help with server security
soja wrote: Do you use a VDS? If so, make 2 firewall rules using the firewall tab in your control panel.
Rule 1:
Accept all packets from these IPs:
Add your IP address to this list.
Rule 2:
Block all packets on port 22.
These rules will block any IP other than yours from logging into SSH, even if they have your root password (still keep it very secure!).
Can you show me an example of this in the firewall tab?

Re: need help with server security
Edit: thanks, doing it now.
Re: need help with server security
hiimcody1 wrote:
If my IP ever changes, and since I would be locked out of my server/SSH, all I have to do is go into the firewall and add my new IP, correct?
Re: need help with server security
Correct.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
Re: need help with server security
kraze wrote: Correct.
That worked. I tried to get into SSH with a different IP and it didn't let me, thanks. But I am still getting someone trying to get into my server even when I restricted SSH to only my IP?

Re: need help with server security
Screenshot your firewall tab. Remember to censor your home IP.
Not a NFO employee
Re: need help with server security
soja wrote: Screenshot your firewall tab. Remember to censor your home IP.
Censor my home IP? And this here is my firewall tab settings

Re: need help with server security
Do you have a need for all of those rules?
You are not blocking anything on your SSH port.
Why are you blocking traffic on port 50687?
If you don't know what you're doing, remove all of those firewall rules; they will add overhead to your connections.
Just use the 2 basic rules shown in this thread.
Not a NFO employee
Re: need help with server security
soja wrote: Do you have a need for all of those rules?
You are not blocking anything on your SSH port.
Why are you blocking traffic on port 50687?
If you don't know what you're doing, remove all of those firewall rules; they will add overhead to your connections.
Just use the 2 basic rules shown in this thread.
Yes, those rules are to block DDoS attacks.
My SSH port is 50687, not 22. I changed the port from 22 -> 50687.
Re: need help with server security
You are being way over-cautious. Most of those rules are useless, and if you do receive an attack that one of those pre-built rules can filter, it will most likely be filtered at the router level by NFO anyway, making the rule useless.
You even have a lot of overlapping rules, and ones that don't make sense. You allow ICMP traffic, but then block it a few rules later.
I have had services here for over 2 years and I have only used these rules a very small number of times. You are just going to run into problems with all of these rules.
If you changed your port to something not usually used by SSH, and properly blocked it, then you are seeing something else in your OS.
Not a NFO employee
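To check whether log entries are "something else in your OS" or remote SSH attempts, look at which program wrote each line: a rejected SSH login is logged by sshd together with the remote address, while the entries quoted in the first post were written by useradd and atd, which are local programs. The following is an added example, not part of the original thread; `classify` and `summarize` are illustrative names and the two sshd lines are constructed samples.

```python
import re

# Classic syslog layout: "Mon DD HH:MM:SS host program[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s([\w./-]+)(?:\[\d+\])?:\s(.*)$")
# sshd messages for a rejected remote login; both carry the peer address.
SSH_FAIL = re.compile(r"(?:Failed \w+|Invalid user) .*from (\S+)")

def classify(line):
    """Return (kind, remote_address_or_None) for one log line."""
    m = LINE.match(line)
    if not m:
        return ("unparsed", None)
    program, msg = m.groups()
    if program == "sshd":
        hit = SSH_FAIL.search(msg)
        return ("ssh-login-failure", hit.group(1)) if hit else ("ssh-other", None)
    if "pam_unix(" in msg and ":session)" in msg:
        return ("local-session", None)   # a local service opening a session
    return ("local-other", None)

def summarize(lines):
    """Count lines per kind and collect the remote addresses seen."""
    counts, sources = {}, set()
    for line in lines:
        kind, src = classify(line)
        counts[kind] = counts.get(kind, 0) + 1
        if src:
            sources.add(src)
    return counts, sources

# Three of the lines posted in the thread, with the line-wrap gaps closed.
FROM_THREAD = [
    "Jul 23 00:19:08 server1 useradd[20549]: failed adding user 'mailnull', data deleted",
    "Jul 23 00:37:00 server1 atd[19236]: pam_unix(atd:session): session opened for user root by (uid=0)",
    "Jul 23 00:37:16 server1 atd[19236]: pam_unix(atd:session): session closed for user root",
]
# Constructed sshd lines (documentation address) showing a remote attempt.
CONSTRUCTED = [
    "Jul 25 03:12:44 server1 sshd[9001]: Failed password for root from 198.51.100.77 port 40022 ssh2",
    "Jul 25 03:12:47 server1 sshd[9001]: Invalid user admin from 198.51.100.77",
]

if __name__ == "__main__":
    print(summarize(FROM_THREAD))
    print(summarize(FROM_THREAD + CONSTRUCTED))
```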
Re: need help with server security
It's also important not to overuse that page. Each packet that comes in on your server needs to be scanned for matching characteristics. Having a lot of rules like that not only hurts your own performance, but can have an effect on the overall machine since that firewall is run on the host machine.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!

