Common-sense security for SSH on a new Debian server

submitted by
Style Pass
2024-09-24 06:00:05

Last night I went to DigitalOcean and spun up a tiny new, $4/month droplet – on my own dime! It sounds crazy, but I’ve never actually wanted to pay for hosting myself before. But I have a fun little web app cooking up, one that might eventually pay that $4/month back with interest, and I decided, why not, it’s time to finally put some of my own skin in the game with this whole sysadmin thing.

Last night, and this morning, I think we managed to successfully set up SSH in a way which is protected against most attackers who are not specifically motivated to attack me. Script kiddies and the like. As a dutiful bureaucrat I always like to make checklists out of complicated processes I’m too dumb to remember myself, so here it is: My “common-sense SSH security” checklist.

We’re starting with the “worst-case” scenario here: root is both enabled, and has a password-based SSH login.
