Hi, I have a minigames server with a friend and we're starting to grow. We managed to buy two VPS and everything was going fine until yesterday, when we got hacked; both VPS got hacked. I was like WTF, our passwords were pretty strong, they were randomly generated, but it seems like that wasn't enough. After many hours of fixing stuff we managed to fix everything, and we're now using even stronger passwords, but they are still trying to get into our VPS: from yesterday to today they tried over 1500 times to get in. How can we improve this? We can't keep growing if we keep getting hacked. What do you guys suggest?
Install CSF (ConfigServer Security & Firewall), I really recommend it! If configured correctly it can block the IP of anyone who keeps trying to log in to your server (brute force attacks). This should really help your situation. Also SSH keys, as mentioned above.
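To see what those 1500 attempts actually look like before (or after) putting a blocker such as CSF or fail2ban in front of them, the failed logins can be counted per source IP straight from the sshd log. This is an added example, not from the thread or from CSF; it assumes the syslog-style lines OpenSSH writes to /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (CentOS), and the sample lines embedded at the bottom are constructed, not a real capture.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): count failed SSH logins per source IP
# from sshd's log, the same signal fail2ban and CSF act on. Assumes the
# syslog-style lines OpenSSH writes to /var/log/auth.log (Debian/Ubuntu) or
# /var/log/secure (CentOS); on journald-only hosts feed it `journalctl -u sshd`.
set -eu

# Print "count ip", busiest first, for every address with a failed password
# or failed public-key attempt. Handles valid and invalid usernames and IPv6.
# grep exits 1 when nothing matches; "|| true" keeps an empty log from
# aborting the script under set -e.
failed_logins_by_ip() {
    { grep -E 'sshd\[[0-9]+\]: Failed (password|publickey) for' "$@" || true; } \
      | sed -E 's/.* from ([^ ]+) port [0-9]+.*/\1/' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# Addresses with at least `threshold` failures, one per line: the same idea as
# fail2ban's maxretry, without the time window.
ips_over_threshold() {
    local threshold="$1"; shift
    failed_logins_by_ip "$@" | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Constructed sample log (not a real capture) so the functions can be tried offline.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Mar  3 02:14:01 vps1 sshd[1203]: Failed password for root from 203.0.113.7 port 51012 ssh2
Mar  3 02:14:03 vps1 sshd[1205]: Failed password for invalid user admin from 203.0.113.7 port 51020 ssh2
Mar  3 02:14:04 vps1 sshd[1207]: Failed password for invalid user oracle from 203.0.113.7 port 51031 ssh2
Mar  3 02:14:09 vps1 sshd[1211]: Failed password for root from 198.51.100.22 port 40002 ssh2
Mar  3 02:15:40 vps1 sshd[1220]: Accepted publickey for deploy from 192.0.2.10 port 53311 ssh2
Mar  3 02:16:02 vps1 sshd[1230]: Failed publickey for root from 2001:db8::1 port 2222 ssh2
EOF

echo "failed logins per IP:"
failed_logins_by_ip "$SAMPLE_LOG"
echo "at or above 3 failures:"
ips_over_threshold 3 "$SAMPLE_LOG"
```

On the real host run `failed_logins_by_ip /var/log/auth.log` (the constructed sample only shows the output shape); the top entries are the addresses a fail2ban or CSF jail would ban, and the "Accepted" line shows why the filter has to key on "Failed" rather than on any line that mentions an IP.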
I must be doing something wrong. I tried to install SSH keys following this tutorial, but I can still log in without using 'ssh [email protected]'. Also I have some questions: how is this more secure than a password? I only have to use a passphrase to log in. What am I doing wrong?
If you have a key, only people with that file can get in. They would need your key file, just like an IRL key to your house.
But I'm not using any KEY to get into my server? What am I doing wrong? Also, the key is on the server, not on my PC, so how am I supposed to get it?
You obviously haven't set it up correctly. Follow a tutorial like this one - https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
There's a useful tool called PuTTYgen when it comes to generating SSH keys. Use this software to generate a 2048-bit key, and follow the instructions, with the exception of the key generation step in your/Connor's tutorial.
Yeah, I'm probably doing something wrong. I was following that tutorial, and it generated the KEY and everything, but I haven't got any KEY on my PC. How does it know if I have the key?
It will generate it on the server and you have to download it, or use PuTTYgen to generate the key instead.
Somewhere on your computer; depending on how you connect, you'll then have to use it for your SSH connection.
Preferably. I keep mine in my Documents folder. Keep it somewhere you can easily access it, and recover it if it's deleted.
Personally, I have mine on Dropbox; that way it's kinda backed up and accessible on all my computers. Obviously put it anywhere, but once you disable password auth, do not lose your key xD
Amen, brother. I keep my key backed up on five USB drives; I never let more than one leave my sight. Spoiler: Dirty, dirty, I keep this particular one plugged into my laptop at all times.
I managed to do most of the tutorial, but I can't disable password login. I'm trying to edit the SSH config with "sudo vi /etc/ssh/sshd_config", I go to "PasswordAuthentication" and change it to "no", but how can I save these changes? Because I can't write commands or anything. Edit: I managed to get out with ':w', but when I try to use 'service ssh restart' it says "Failed to reload ssh.service: Unit ssh.service failed to load: No such file or directory."
Or use KVM as a backup. My sexy KVM screen: https://drive.google.com/file/d/0Bzi7TczKmNTuaUtBck8wb0JFQzA/view?usp=drivesdk (web though, but it's awesome if I've locked myself out xD)
Use sshd for restarting ssh. And use the letter i (without SHIFT etc.) to enter text and such, then press ESC and then :wq to save & quit; otherwise just get nano.
No. Please. Never rely on KVM. Let alone that not all hosts give you KVM access.

@OP:
- Change the SSH port (stops a lot of brute force attacks from people who just scan the internet on port 22).
- Disable root login.
- Use strong SSH keys. I personally use 4096-bit keys, as 1024-bit keys have been confirmed to have been cracked; there are rumours that 2048-bit keys have been hacked (I have no sources, sorry).
- Password-protect your keys.
- If you have a laptop or second PC, generate keys on that too, and add them to your authorized_keys (instead of backing up your keys; this is better).
- Install fail2ban and configure it. Configure it as best you can, so you get email notifications when someone is banned. If it's an IP you've never seen before, there's no harm in permanently blacklisting it on your SSH port.
- If you have Redis installed, firewall it.
- ^ The same goes for any open ports really: any ports you don't need open, close them.

Spoiler: Why avoid backing up SSH keys
If they get leaked, you're fucked. If you can put them on two devices that you own, access and control entirely, that's good enough. If you somehow manage both, what the hell.
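The server-side part of that list, as an added example that is not from the thread: set the sshd options, write a fail2ban jail for the new port, and check the result. It assumes a Linux host with GNU sed/awk, the usual paths /etc/ssh/sshd_config and /etc/fail2ban/jail.local, and 2222 as the new SSH port (any unused port works); the e-mail address is a placeholder. Generate a key on each of your PCs first (ssh-keygen -t rsa -b 4096 with a passphrase, or PuTTYgen on Windows), install the public keys with ssh-copy-id, and confirm a key login works before running this, because it turns password login off.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): harden sshd_config as advised above,
# write a fail2ban jail for the new port, and verify. Assumptions: Linux with
# GNU sed/awk, /etc/ssh/sshd_config and /etc/fail2ban/jail.local, port 2222.
set -eu

# Replace every existing line for a directive (commented or not) with one
# "Key value" line at the end. sshd honours the FIRST occurrence of a directive,
# so merely appending "PasswordAuthentication no" below an existing
# "PasswordAuthentication yes" would change nothing; deleting first avoids that.
set_sshd_option() {
    local file="$1" key="$2" value="$3"
    sed -i -E "/^[[:space:]]*#?[[:space:]]*${key}[[:space:]]/Id" "$file"
    # make sure the file ends with a newline before appending
    if [ -s "$file" ] && [ -n "$(tail -c1 "$file")" ]; then echo >> "$file"; fi
    printf '%s %s\n' "$key" "$value" >> "$file"
}

# First uncommented value of a directive in the file (sshd's first-match rule).
effective_option() {
    local file="$1" key="$2"
    awk -v k="$key" 'tolower($1) == tolower(k) { print $2; exit }' "$file"
}

# The settings from the post: non-default port, no root login, keys only.
harden_sshd_config() {
    local file="$1" port="${2:-2222}"
    set_sshd_option "$file" Port "$port"
    set_sshd_option "$file" PermitRootLogin no
    set_sshd_option "$file" PasswordAuthentication no
    set_sshd_option "$file" ChallengeResponseAuthentication no
    set_sshd_option "$file" PubkeyAuthentication yes
}

# fail2ban jail for sshd on the new port: ban for an hour after 5 failures
# within 10 minutes, and mail the offending log lines (action_mwl).
# destemail is a placeholder; put your own address there.
write_fail2ban_jail() {
    local file="$1" port="$2"
    cat > "$file" <<EOF
[DEFAULT]
bantime   = 3600
findtime  = 600
maxretry  = 5
destemail = admin@example.com
action    = %(action_mwl)s

[sshd]
enabled = true
port    = $port
EOF
}

# Live run (as root). Keep your current session open and log in again from a
# second terminal before closing it, so a mistake cannot lock you out.
apply_live() {
    local port="${1:-2222}"
    cp /etc/ssh/sshd_config "/etc/ssh/sshd_config.bak.$(date +%s)"
    harden_sshd_config /etc/ssh/sshd_config "$port"
    sshd -t                     # syntax check; aborts the script on error
    # Newer Ubuntu ships "Include /etc/ssh/sshd_config.d/*.conf" at the top of
    # sshd_config, and those files win. sshd -T prints what sshd will really use.
    sshd -T | grep -Ei '^(port|permitrootlogin|passwordauthentication) '
    write_fail2ban_jail /etc/fail2ban/jail.local "$port"
    systemctl restart sshd fail2ban   # unit is sshd on CentOS, ssh (alias sshd) on Debian/Ubuntu
}

if [ "${1:-}" = "--apply" ]; then
    apply_live "${2:-2222}"
fi
```

Run it as `sudo ./harden.sh --apply 2222`; without `--apply` it only defines the functions, so you can source it and try `harden_sshd_config` on a copy of sshd_config first. The `sshd -T` line is the check that matters: if it still reports `passwordauthentication yes`, a file under /etc/ssh/sshd_config.d/ is overriding you, and that is where the edit has to go.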