Differences

This shows you the differences between two versions of the page.

--- haredning_debian_server [2026/02/27 23:30] – created tomek
+++ haredning_debian_server [2026/02/28 01:49] (current) – removed tomek
@@ Line 1: / Line 1: @@
-====== Hardening Debian Server ======
-[[https://www.youtube.com/watch?v=t8LS3F5Iu8Y]]
-===== Creating and import ssh key =====
-<code>
-ssh-keygen -t ed25519 -f /your-key-location/your-key-filename -C "your-key-comment"
-cat a.pub | ssh tomek@192.168.100.105 "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"
-// or simply using command ssh-copy-id //
-ssh-copy-id -i /your-key-location/your-key-filename user@host
-</code>
-===== Edit ssh config =====
-<code>
-# nano /etc/ssh/sshd_config
-PermitRootLogin no
-PubkeyAuthentication yes
-PasswordAuthentication no
-# systemctl restart ssh
-# systemctl restart sshd
-</code>
-===== Creating basic iptables firewall =====
-<code>
-# touch /etc/firewall
-# nano /etc/firewall
-/usr/sbin/iptables -F
-/usr/sbin/iptables -F -t nat
-/usr/sbin/iptables -F -t mangle
-/usr/sbin/ip6tables -F
-/usr/sbin/ip6tables -X
-/usr/sbin/ip6tables -F -t mangle
-/usr/sbin/ip6tables -X -t mangle
-/usr/sbin/ip6tables -P INPUT DROP
-/usr/sbin/ip6tables -P OUTPUT DROP
-/usr/sbin/ip6tables -P FORWARD DROP
-/usr/sbin/ip6tables -A INPUT -i lo -j ACCEPT
-/usr/sbin/ip6tables -A OUTPUT -o lo -j ACCEPT
-for ip in insert_your_ips_here; do
-  /usr/sbin/iptables -A INPUT -p tcp -s $ip  --dport 22 -j ACCEPT
-done
-/usr/sbin/iptables -A INPUT -p tcp --dport 22 -j REJECT
-# nano /etc/systemd/system/firewall.service
-[Unit]
-Description=firewall
-After=network.target
-[Service]
-RemainAfterExit=yes
-ExecStart=/etc/firewall start
-ExecStop=/etc/firewall stop
-[Install]
-WantedBy=multi-user.target
-# systemctl enable firewall
-# systemctl start firewall