Hardening Debian Server
Creating and importing an SSH key
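# Generate an Ed25519 key pair on the client. ssh-keygen writes the private
# key to the -f path and the public key to the same path with ".pub" appended.
# Set a passphrase when prompted; the private key stays on the client and only
# the .pub file is copied to the server.
ssh-keygen -t ed25519 -f /your-key-location/your-key-filename -C "your-key-comment"

# Install the public key on the server: create ~/.ssh if needed, remove group
# and other permissions from it, then append the key read from stdin to
# authorized_keys. The key file is the .pub produced by the command above.
ssh tomek@192.168.100.105 \
  "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys" \
  < /your-key-location/your-key-filename.pub

# Or simply use ssh-copy-id, which performs the same installation:
# ssh-copy-id -i /your-key-location/your-key-filename user@host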
Edit ssh config
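# nano /etc/ssh/sshd_config
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
# systemctl restart ssh
# systemctl restart sshd
Because these settings disable password logins, check the file with sshd -t before restarting, and keep the current session open until a new key-based login has been confirmed.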
Creating basic iptables firewall
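#!/bin/sh
# /etc/firewall - basic packet-filter rules, run as root by firewall.service.
#
# Setup (as root):
#   # touch /etc/firewall
#   # nano /etc/firewall
#   # chmod 700 /etc/firewall
# The file must be executable and begin with the interpreter line above,
# otherwise systemd cannot execute it from ExecStart=/ExecStop=.
#
# The unit passes "start" or "stop" as the first argument, but this script
# does not read it: every invocation flushes and reloads the same rule set.

# IPv4: flush the filter, nat and mangle tables. No default policy is set for
# IPv4 here, so traffic other than the SSH rules below follows whatever policy
# the chains already have.
/usr/sbin/iptables -F
/usr/sbin/iptables -F -t nat
/usr/sbin/iptables -F -t mangle

# IPv6: flush rules and delete user-defined chains in filter and mangle.
/usr/sbin/ip6tables -F
/usr/sbin/ip6tables -X
/usr/sbin/ip6tables -F -t mangle
/usr/sbin/ip6tables -X -t mangle

# IPv6: drop by default in every direction.
/usr/sbin/ip6tables -P INPUT DROP
/usr/sbin/ip6tables -P OUTPUT DROP
/usr/sbin/ip6tables -P FORWARD DROP

# IPv6: loopback is the only traffic allowed.
/usr/sbin/ip6tables -A INPUT -i lo -j ACCEPT
/usr/sbin/ip6tables -A OUTPUT -o lo -j ACCEPT

# SSH over IPv4: accept the listed source addresses, then reject everyone
# else. Order matters: the ACCEPT rules are appended before the REJECT.
# Include the address you administer from (or keep console access), because
# the REJECT rule also applies to the session that loads these rules.
for ip in insert_your_ips_here; do
  /usr/sbin/iptables -A INPUT -p tcp -s "$ip" --dport 22 -j ACCEPT
done
/usr/sbin/iptables -A INPUT -p tcp --dport 22 -j REJECT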
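# nano /etc/systemd/system/firewall.service
[Unit]
Description=firewall
# Ordering kept from the original: the rules are loaded after network.target.
# systemd documents network-pre.target (Before= together with Wants=) for
# firewall units that should be in place before interfaces are configured.
After=network.target

[Service]
# The script applies its rules and exits; oneshot makes systemd wait for it to
# finish, and RemainAfterExit keeps the unit active so ExecStop runs on stop.
Type=oneshot
RemainAfterExit=yes
ExecStart=/etc/firewall start
ExecStop=/etc/firewall stop

[Install]
WantedBy=multi-user.target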
# systemctl enable firewall
# systemctl start firewall
