{"id":47417,"date":"2024-11-14T09:35:16","date_gmt":"2024-11-14T09:35:16","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=47417"},"modified":"2024-11-14T09:39:27","modified_gmt":"2024-11-14T09:39:27","slug":"ssh-tutorials-complete-master-guide","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/ssh-tutorials-complete-master-guide\/","title":{"rendered":"SSH Tutorials Complete Master Guide"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Commands to Check, Add, and Edit the SSH Firewall Configuration on Ubuntu<\/h2>\n\n\n\n<p>Here is a comprehensive set of commands for managing SSH firewall configurations on Ubuntu, using both <strong>UFW<\/strong> and <strong>iptables<\/strong>. You can use these commands to check, add, edit, and delete firewall rules for SSH.<\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/devops-school\/b3d7c3135e77a1ca7450832d25396047.js\"><\/script>\n\n\n\n<h2 class=\"wp-block-heading\">SSH Configuration Options to Help Prevent DDoS Attacks<\/h2>\n\n\n\n<p>To harden your SSH configuration on Ubuntu and help prevent DDoS attacks, you can adjust several settings in the SSH configuration file (<code>\/etc\/ssh\/sshd_config<\/code>). Below are options you can modify to improve security against DDoS and brute-force attacks.<\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/devops-school\/80dbd18c3c6659e70ac1dab6e06949ed.js\"><\/script>\n\n\n\n<h2 class=\"wp-block-heading\">AWS Security Group Options to Help Prevent DDoS Attacks<\/h2>\n\n\n\n<p>To prevent DDoS attacks on AWS EC2 instances, you can configure your <strong>AWS Security Groups<\/strong> with specific rules to control access and reduce exposure. 
Here are some best-practice options for configuring security groups to enhance protection against DDoS attacks:<\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/devops-school\/8b12644548792154ac57801ded14cc9c.js\"><\/script>\n\n\n\n<h2 class=\"wp-block-heading\">Approaches to Protect SSH Sessions from DDoS Attacks<\/h2>\n\n\n\n<p>To protect SSH sessions from DDoS attacks, you can apply several best practices, configurations, and additional tools to safeguard your SSH access. Below is a comprehensive list of approaches for securing SSH against DDoS and brute-force attacks.<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># Approaches to Protect SSH Sessions from DDoS Attacks<\/span>\n\n<span class=\"hljs-comment\"># 1. Restrict SSH Access to Specific IP Addresses or Ranges<\/span>\n<span class=\"hljs-comment\"># Limit SSH access to known IPs by configuring firewall rules to only allow connections from trusted IPs or ranges.<\/span>\n<span class=\"hljs-comment\"># On AWS: Use Security Groups to allow SSH only from specific IPs.<\/span>\n<span class=\"hljs-comment\"># On Ubuntu: Use UFW or iptables to permit only trusted IPs for SSH access.<\/span>\n\n<span class=\"hljs-comment\"># Example (AWS Security Group): Allow SSH from a specific IP<\/span>\n- Type: SSH\n- Protocol: TCP\n- Port Range: <span class=\"hljs-number\">22<\/span>\n- Source: &lt;Trusted IP <span class=\"hljs-keyword\">or<\/span> IP Range&gt;\n\n<span class=\"hljs-comment\"># 2. Use a VPN for SSH Access<\/span>\n<span class=\"hljs-comment\"># Set up a VPN to restrict SSH access to users connected through the VPN.<\/span>\n<span class=\"hljs-comment\"># VPNs, like AWS Client VPN or OpenVPN, add an additional layer of security and restrict access to authorized users only.<\/span>\n\n<span class=\"hljs-comment\"># 3. 
Change the Default SSH Port (Obscurity)<\/span>\n<span class=\"hljs-comment\"># Use a non-standard port for SSH to reduce random DDoS attacks on port 22.<\/span>\n<span class=\"hljs-comment\"># Update SSH configuration in \/etc\/ssh\/sshd_config:<\/span>\nPort <span class=\"hljs-number\">2222<\/span>\n<span class=\"hljs-comment\"># <span class=\"hljs-doctag\">Note:<\/span> Update firewall rules to allow the new SSH port.<\/span>\n\n<span class=\"hljs-comment\"># 4. Limit Concurrent and Unauthenticated Connections<\/span>\n<span class=\"hljs-comment\"># Configure sshd settings to limit the number of concurrent sessions and new connections.<\/span>\n<span class=\"hljs-comment\"># Edit \/etc\/ssh\/sshd_config to include:<\/span>\nMaxSessions <span class=\"hljs-number\">2<\/span>               <span class=\"hljs-comment\"># Limit the number of sessions per connection<\/span>\nMaxStartups <span class=\"hljs-number\">10<\/span>:<span class=\"hljs-number\">30<\/span>:<span class=\"hljs-number\">60<\/span>        <span class=\"hljs-comment\"># Unauthenticated connections: at 10 pending, start dropping new ones with 30% probability, rising to 100% at 60<\/span>\n\n<span class=\"hljs-comment\"># 5. Use SSH Key-Based Authentication and Disable Passwords<\/span>\n<span class=\"hljs-comment\"># Disable password authentication to prevent brute-force attacks and require SSH keys.<\/span>\n<span class=\"hljs-comment\"># In \/etc\/ssh\/sshd_config:<\/span>\nPasswordAuthentication no    <span class=\"hljs-comment\"># Enforces key-based authentication only<\/span>\n<span class=\"hljs-comment\"># Make sure all users have SSH keys set up before applying this setting.<\/span>\n\n<span class=\"hljs-comment\"># 6. 
Set Up Fail2ban to Ban IPs after Multiple Failed Login Attempts<\/span>\n<span class=\"hljs-comment\"># Fail2ban automatically bans IPs with repeated failed login attempts, preventing brute-force attacks.<\/span>\n<span class=\"hljs-comment\"># Install and configure Fail2ban:<\/span>\nsudo apt update\nsudo apt install fail2ban\n<span class=\"hljs-comment\"># Edit Fail2ban config in \/etc\/fail2ban\/jail.local to enable SSH protection:<\/span>\n&#91;sshd]\nenabled = <span class=\"hljs-keyword\">true<\/span>\nmaxretry = <span class=\"hljs-number\">5<\/span>\nbantime = <span class=\"hljs-number\">600<\/span>               <span class=\"hljs-comment\"># Ban IP for 10 minutes after 5 failed attempts<\/span>\n\n<span class=\"hljs-comment\"># 7. Enable UFW or iptables Rate Limiting for SSH Connections<\/span>\n<span class=\"hljs-comment\"># UFW:<\/span>\nsudo ufw limit <span class=\"hljs-number\">22<\/span>\/tcp        <span class=\"hljs-comment\"># Limits SSH to 6 attempts per 30 seconds (default)<\/span>\n\n<span class=\"hljs-comment\"># iptables (for custom limits, e.g., 10 attempts in 5 minutes):<\/span>\nsudo iptables -A INPUT -p tcp --dport <span class=\"hljs-number\">22<\/span> -m state --state <span class=\"hljs-keyword\">NEW<\/span> -m recent --set\nsudo iptables -A INPUT -p tcp --dport <span class=\"hljs-number\">22<\/span> -m state --state <span class=\"hljs-keyword\">NEW<\/span> -m recent --update --seconds <span class=\"hljs-number\">300<\/span> --hitcount <span class=\"hljs-number\">11<\/span> -j DROP\n\n<span class=\"hljs-comment\"># 8. 
Implement Two-Factor Authentication (2FA) for SSH<\/span>\n<span class=\"hljs-comment\"># Use 2FA for additional security, requiring a second authentication factor.<\/span>\n<span class=\"hljs-comment\"># Install Google Authenticator or another 2FA tool:<\/span>\nsudo apt install libpam-google-authenticator\ngoogle-authenticator        <span class=\"hljs-comment\"># Run the setup per user<\/span>\n<span class=\"hljs-comment\"># Configure SSH to require 2FA in \/etc\/pam.d\/sshd and \/etc\/ssh\/sshd_config.<\/span>\n\n<span class=\"hljs-comment\"># 9. Monitor SSH Activity with Logging and CloudWatch Alarms<\/span>\n<span class=\"hljs-comment\"># Enable SSH logs to monitor failed attempts, and set up alerts for suspicious activity.<\/span>\n<span class=\"hljs-comment\"># Check \/var\/log\/auth.log on Ubuntu:<\/span>\nsudo tail -f \/<span class=\"hljs-keyword\">var<\/span>\/log\/auth.log\n<span class=\"hljs-comment\"># On AWS, enable CloudWatch Alarms to notify you of spikes in SSH traffic.<\/span>\n\n<span class=\"hljs-comment\"># 10. Enable AWS Shield Advanced for DDoS Protection (for Enterprise-Level Protection)<\/span>\n<span class=\"hljs-comment\"># AWS Shield Advanced offers dedicated DDoS protection for high-risk applications, including protections for EC2.<\/span>\n<span class=\"hljs-comment\"># It provides additional support and monitoring for DDoS attacks targeting your instance.<\/span>\n\n<span class=\"hljs-comment\"># 11. 
Enable VPC Flow Logs to Track Suspicious SSH Traffic<\/span>\n<span class=\"hljs-comment\"># VPC Flow Logs capture IP traffic going to and from your EC2 instance.<\/span>\n<span class=\"hljs-comment\"># Analyze these logs to detect unusual SSH connection patterns.<\/span>\n<span class=\"hljs-comment\"># Steps:<\/span>\n<span class=\"hljs-comment\"># - Go to VPC Console &gt; Flow Logs &gt; Create Flow Log.<\/span>\n<span class=\"hljs-comment\"># - Enable logs and store in CloudWatch or S3 for review.<\/span>\n\n<span class=\"hljs-comment\"># Summary<\/span>\n<span class=\"hljs-comment\"># - Use IP restrictions, VPNs, and non-standard ports to limit access.<\/span>\n<span class=\"hljs-comment\"># - Implement SSH session limits, Fail2ban, and rate-limiting to control connection frequency.<\/span>\n<span class=\"hljs-comment\"># - Use 2FA and key-based authentication for enhanced security.<\/span>\n<span class=\"hljs-comment\"># - Monitor and log SSH activity to stay proactive in detecting and handling potential threats.<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>","protected":false},"excerpt":{"rendered":"<p>List of Commands to Check, Add, Edit Firewall configuration of SSH in ubuntu Here is a comprehensive set of commands for managing SSH firewall configurations on Ubuntu, using both UFW and iptables. You can use these commands to check, add, edit, and delete firewall rules for SSH. 
List of options to change in SSH configuration&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-47417","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/47417","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=47417"}],"version-history":[{"count":5,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/47417\/revisions"}],"predecessor-version":[{"id":47422,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/47417\/revisions\/47422"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=47417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=47417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=47417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}