Server Guides: Difference between revisions
commands |
|||
| Line 21: | Line 21: | ||
* '''No Root Login''': Disable root login to enhance security. | * '''No Root Login''': Disable root login to enhance security. | ||
* '''SSH Keys with Password''': Use SSH keys with a passphrase and disable password login. | * '''SSH Keys with Password''': Use SSH keys with a passphrase and disable password login. | ||
* '''VPN Access''': | * '''VPN Access''': VPN access is required to reach the SSH server. | ||
* '''Firmware and Auto Updates''': Enable automatic updates for both firmware and software. | * '''Firmware and Auto Updates''': Enable automatic updates for both firmware and software. | ||
* '''Firewall''': Configure a firewall to control incoming and outgoing traffic. | * '''Firewall''': Configure a firewall to control incoming and outgoing traffic. | ||
| Line 35: | Line 35: | ||
* '''Data Encryption''': Encrypt all data communication. | * '''Data Encryption''': Encrypt all data communication. | ||
** Use ''scp'', ''ssh'', ''rsync'', or ''sftp'' for file transfer. | ** Use ''scp'', ''ssh'', ''rsync'', or ''sftp'' for file transfer. | ||
** Consider | ** Consider reverse proxy (tail scale, Cloudflare) or wireguard. | ||
* '''Service Management''': | * '''Service Management''': | ||
** Avoid using insecure services like FTP, Telnet, and Rsh. | ** Avoid using insecure services like FTP, Telnet, and Rsh. | ||
| Line 41: | Line 41: | ||
* '''Kernel and Software Updates''': | * '''Kernel and Software Updates''': | ||
** Apply all security patches promptly. | ** Apply all security patches promptly. | ||
** | *** Use an Ansible Script to patch multiple servers periodically including OS, docker, git, etc | ||
* '''Linux Security Extensions''': | * '''Linux Security Extensions''': | ||
** Enable SELinux or other security extensions to enforce limitations on applications. | ** Enable SELinux or other security extensions to enforce limitations on applications. | ||