Ubuntu 20.04 firewall settings and changing the SSH port number
I recently got a VPS to do a few things myself, and soon afterwards its SSH connection started failing for no obvious reason. So here is a record of what to do right after buying a server to protect it against brute-force login attempts and to deal with a blocked SSH port.
How to tell whether SSH is being attacked
Check the SSH login log: sudo less /var/log/auth.log (or filter it with sudo grep sshd /var/log/auth.log). A large number of authentication failure and Failed password lines, usually from a handful of source addresses, means the SSH port is being brute-forced. That is not the same as being compromised: the sign of a compromise is an Accepted password or Accepted publickey line from an address, or at a time, that was not you.
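To make that check repeatable, here is an added example (my own, not part of the original post) that summarises failed sshd logins per source IP from an auth.log-style file and flags the addresses over a threshold. The log lines are constructed for the demo and use documentation IP ranges; the threshold of 3 is an arbitrary assumption.

```shell
#!/bin/sh
# Added example: count failed sshd logins per source IP in an auth.log-style
# file and flag addresses over a threshold. Run it against /var/log/auth.log
# (as root) on a real host; the sample log below is constructed for the demo.

# Print "count ip", most frequent first, for every "Failed password" line.
# sshd writes one such line per rejected attempt; the PAM "authentication
# failure" line that accompanies each attempt is deliberately not counted so
# that an attempt is not counted twice. IPv4 sources only.
ssh_failed_logins_by_ip() {
    grep -E 'sshd\[[0-9]+\]: Failed password for ' "$1" \
        | grep -oE 'from [0-9]+(\.[0-9]+){3}' \
        | cut -d' ' -f2 \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Print only the IPs with at least $2 failed logins, one per line.
ssh_bruteforce_ips() {
    ssh_failed_logins_by_ip "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Constructed sample log (203.0.113.0/24 etc. are documentation ranges).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Mar  1 10:00:01 vps sshd[1201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root
Mar  1 10:00:03 vps sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  1 10:00:07 vps sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  1 10:00:09 vps sshd[1205]: Invalid user admin from 203.0.113.5 port 51250
Mar  1 10:00:11 vps sshd[1205]: Failed password for invalid user admin from 203.0.113.5 port 51250 ssh2
Mar  1 10:00:15 vps sshd[1207]: Failed password for invalid user test from 203.0.113.5 port 51260 ssh2
Mar  1 10:00:20 vps sshd[1209]: Failed password for ubuntu from 198.51.100.7 port 40001 ssh2
Mar  1 10:01:00 vps sshd[1211]: Accepted publickey for ubuntu from 192.0.2.10 port 55555 ssh2: ED25519 SHA256:constructed
EOF

echo "Failed logins per IP:"
ssh_failed_logins_by_ip "$SAMPLE_LOG"
echo "Likely brute-force sources (>= 3 failures):"
ssh_bruteforce_ips "$SAMPLE_LOG" 3
```

On the sample, 203.0.113.5 shows 4 failures and is flagged, while the single failure from 198.51.100.7 and the successful key login from 192.0.2.10 are not. On a real server, pass /var/log/auth.log (and the rotated auth.log.1) as the first argument.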
How to determine whether the SSH port is blocked
If the VPS IP answers ping but an SSH connection to port 22 times out, something on the path is most likely filtering that port. Before changing anything, log in through the provider's web console and confirm that sshd is still running and listening (sudo ss -tlnp | grep sshd) and that ufw is not the one dropping the traffic (sudo ufw status). If the service itself is fine, moving SSH from the default port 22 to another port is a reasonable workaround.
Firewall settings
- Ubuntu firewall settings. My server had ufw installed by default; if yours does not, install it first: sudo apt install ufw
- After installing, check the firewall status: sudo ufw status
My firewall status: Status: active means it is running; Status: inactive means it is not. Enable it with sudo ufw enable.
Before enabling it, allow the port your current SSH session uses, because ufw's default policy denies all incoming traffic: sudo ufw allow 22/tcp (or your custom port, if you have already moved SSH). Skipping this step will drop your session and lock you out of the server.
When enabling the firewall, the server prompts: Command may disrupt existing ssh connections. Proceed with operation (y|n)?
This means the command may interrupt the current SSH connection and asks whether to continue.
Answer y; it then reports Firewall is active and enabled on system startup.
Opening and closing firewall ports and changing the default SSH port 22
- With the firewall active, you can open ports. SSH uses port 22 by default, so run sudo ufw allow 22/tcp in the terminal; port 22 is then reachable. (The bare form sudo ufw allow 22 also works, but it opens UDP 22 as well, which nothing needs.)
- For security reasons I want to block access to the default SSH port 22 and use a custom port instead.
- Step 1: Open the custom port in the firewall first: sudo ufw allow 1999/tcp
- Step 2: Edit the SSH configuration: sudo vi /etc/ssh/sshd_config. Add a line Port 1999 and save with :wq. Note that the stock file contains #Port 22, which is commented out; sshd listens on 22 only because that is its built-in default. Once you add Port 1999, sshd listens on 1999 only, so if you want to keep 22 open during the switch you must also add an uncommented Port 22 line (Port lines must come before any Match block).
- Step 3: Check the edited file for syntax errors with sudo sshd -t, then restart the service: sudo systemctl restart ssh (sudo service ssh restart also works on Ubuntu 20.04).
After this, you can reach the server over SSH on port 1999. Keep the current session open and confirm a fresh login on port 1999 from a second terminal (ssh -p 1999 user@host) before going further. To stop port 22 from being used, remove its firewall rule with sudo ufw delete allow 22/tcp (or delete allow 22, matching whatever you originally added), then remove or comment out the Port 22 line in /etc/ssh/sshd_config and restart ssh again. Note that sudo ufw deny 22 on its own is not enough once an allow rule exists: ufw evaluates rules in order and the earlier allow rule matches first, so the port stays open.
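The three steps above, as an added example (my own, not part of the original post). The two file helpers only edit a text file, so they can be tried on a copy of sshd_config; apply_ssh_port wraps them with the ufw and systemctl commands in the safe order and is not run here because it needs root on the real server. Port 1999, the backup path /etc/ssh/sshd_config.bak and the sample config excerpt are this example's assumptions.

```shell
#!/bin/sh
# Added example: move sshd to a custom port without locking yourself out.
# set_sshd_ports/sshd_listen_ports only edit a text file, so they can be
# tried on a copy of sshd_config; apply_ssh_port (not run here) wires them to
# ufw and systemctl and must be run as root on the server. Port 1999 and the
# backup path are this example's assumptions.

# Rewrite CONFIG so it holds exactly one active "Port N" line for each port
# given, and no other Port lines (commented ones included). The Port lines go
# at the top of the file because sshd rejects them after a Match block.
set_sshd_ports() {
    config="$1"; shift
    tmp=$(mktemp)
    {
        for p in "$@"; do
            printf 'Port %s\n' "$p"
        done
        grep -vE '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+' "$config" || true
    } > "$tmp"
    cat "$tmp" > "$config"   # overwrite in place, keeping the file's owner and mode
    rm -f "$tmp"
}

# Print the ports CONFIG currently makes sshd listen on, space separated.
sshd_listen_ports() {
    grep -E '^[[:space:]]*Port[[:space:]]+[0-9]+' "$1" \
        | awk '{ printf "%s%s", sep, $2; sep = " " } END { print "" }'
}

# The full procedure from the post in the safe order (run as root; not
# executed by this script). Pass every port sshd should keep, e.g.
# "apply_ssh_port 22 1999" during the switch and "apply_ssh_port 1999" once
# a login on the new port has been confirmed from a second terminal.
apply_ssh_port() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    cfg=/etc/ssh/sshd_config
    cp "$cfg" "$cfg.bak"                  # keep a copy to roll back to
    for p in "$@"; do
        ufw allow "$p"/tcp                # step 1: open every port first
    done
    set_sshd_ports "$cfg" "$@"            # step 2: edit the config
    if ! sshd -t; then                    # syntax check before restarting
        cp "$cfg.bak" "$cfg"
        echo "sshd_config rejected, restored backup" >&2
        return 1
    fi
    systemctl restart ssh                 # step 3: restart
    ss -tlnp | grep sshd                  # confirm the new listener
}

# Demo on a constructed excerpt of a stock sshd_config (never on the real one).
DEMO_CFG=$(mktemp)
trap 'rm -f "$DEMO_CFG"' EXIT
cat > "$DEMO_CFG" <<'EOF'
# constructed excerpt of a stock sshd_config
#Port 22
#AddressFamily any
PermitRootLogin prohibit-password
PasswordAuthentication no
EOF
set_sshd_ports "$DEMO_CFG" 22 1999
echo "ports after adding 1999 alongside 22: $(sshd_listen_ports "$DEMO_CFG")"
set_sshd_ports "$DEMO_CFG" 1999
echo "ports after dropping 22: $(sshd_listen_ports "$DEMO_CFG")"
```

Once apply_ssh_port 1999 has run and the old rule is no longer needed, remove it with ufw delete allow 22/tcp; with ufw's default deny policy no separate deny rule is required.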
My recommendation is to enable the firewall and change the default SSH port as soon as the cloud server is up. Changing the port mostly cuts the noise from mass scanners; a determined attacker will find the new port with a port scan, so also turn off password login in sshd_config (PasswordAuthentication no, after installing your public key) and rate-limit the SSH port with sudo ufw limit 1999/tcp instead of a plain allow rule.