{"id":47417,"date":"2024-11-14T09:35:16","date_gmt":"2024-11-14T09:35:16","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=47417"},"modified":"2024-11-14T09:39:27","modified_gmt":"2024-11-14T09:39:27","slug":"ssh-tutorials-complete-master-guide","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/ssh-tutorials-complete-master-guide\/","title":{"rendered":"SSH Tutorials Complete Master Guide"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">List of Commands to Check, Add, and Edit the SSH Firewall Configuration on Ubuntu<\/h2>\n\n\n\n<p>Here is a comprehensive set of commands for managing SSH firewall configurations on Ubuntu, using both <strong>UFW<\/strong> and <strong>iptables<\/strong>. You can use these commands to check, add, edit, and delete firewall rules for SSH.<\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/devops-school\/b3d7c3135e77a1ca7450832d25396047.js\"><\/script>\n\n\n\n<h2 class=\"wp-block-heading\">List of SSH Configuration Options to Change to Prevent DDoS Attacks<\/h2>\n\n\n\n<p>To harden your SSH configuration on Ubuntu and help prevent DDoS attacks, you can adjust several settings in the SSH configuration file (<code>\/etc\/ssh\/sshd_config<\/code>). Below are options you can modify to improve security against DDoS and brute-force attacks.<\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/devops-school\/80dbd18c3c6659e70ac1dab6e06949ed.js\"><\/script>\n\n\n\n<h2 class=\"wp-block-heading\">List of AWS Security Group Options for Preventing DDoS Attacks<\/h2>\n\n\n\n<p>To prevent DDoS attacks on AWS EC2 instances, you can configure your <strong>AWS Security Groups<\/strong> with specific rules to control access and reduce exposure. 
Here are some best-practice options for configuring security groups to enhance protection against DDoS attacks:<\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/devops-school\/8b12644548792154ac57801ded14cc9c.js\"><\/script>\n\n\n\n<h2 class=\"wp-block-heading\">List of Approaches to Protect SSH Sessions from DDoS Attacks<\/h2>\n\n\n\n<p>To protect SSH sessions from DDoS attacks, you can apply several best practices, configurations, and additional tools to safeguard your SSH access. Below is a comprehensive list of approaches for securing SSH against DDoS and brute-force attacks.<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># Approaches to Protect SSH Sessions from DDoS Attacks<\/span>\n\n<span class=\"hljs-comment\"># 1. Restrict SSH Access to Specific IP Addresses or Ranges<\/span>\n<span class=\"hljs-comment\"># Limit SSH access to known IPs by configuring firewall rules to only allow connections from trusted IPs or ranges.<\/span>\n<span class=\"hljs-comment\"># On AWS: Use Security Groups to allow SSH only from specific IPs.<\/span>\n<span class=\"hljs-comment\"># On Ubuntu: Use UFW or iptables to permit only trusted IPs for SSH access.<\/span>\n\n<span class=\"hljs-comment\"># Example (AWS Security Group): Allow SSH from a specific IP<\/span>\n- Type: SSH\n- Protocol: TCP\n- Port Range: <span class=\"hljs-number\">22<\/span>\n- Source: &lt;Trusted IP <span class=\"hljs-keyword\">or<\/span> IP Range&gt;\n\n<span class=\"hljs-comment\"># 2. Use a VPN for SSH Access<\/span>\n<span class=\"hljs-comment\"># Set up a VPN to restrict SSH access to users connected through the VPN.<\/span>\n<span class=\"hljs-comment\"># VPNs, like AWS Client VPN or OpenVPN, add an additional layer of security and restrict access to authorized users only.<\/span>\n\n<span class=\"hljs-comment\"># 3. 
Change the Default SSH Port (Obscurity)<\/span>\n<span class=\"hljs-comment\"># Use a non-standard port for SSH to reduce random DDoS attacks on port 22.<\/span>\n<span class=\"hljs-comment\"># Update SSH configuration in \/etc\/ssh\/sshd_config:<\/span>\nPort <span class=\"hljs-number\">2222<\/span>\n<span class=\"hljs-comment\"># <span class=\"hljs-doctag\">Note:<\/span> Update firewall rules to allow the new SSH port.<\/span>\n\n<span class=\"hljs-comment\"># 4. Limit Concurrent and Unauthenticated Connections<\/span>\n<span class=\"hljs-comment\"># Configure sshd settings to limit the number of concurrent sessions and new connections.<\/span>\n<span class=\"hljs-comment\"># Edit \/etc\/ssh\/sshd_config to include:<\/span>\n<span class=\"hljs-comment\"># Limit the number of sessions per connection<\/span>\nMaxSessions <span class=\"hljs-number\">2<\/span>\n<span class=\"hljs-comment\"># Controls unauthenticated connections: once 10 are pending, start dropping 30% of new ones, and refuse all at 60<\/span>\nMaxStartups <span class=\"hljs-number\">10<\/span>:<span class=\"hljs-number\">30<\/span>:<span class=\"hljs-number\">60<\/span>\n\n<span class=\"hljs-comment\"># 5. Use SSH Key-Based Authentication and Disable Passwords<\/span>\n<span class=\"hljs-comment\"># Disable password authentication to prevent brute-force attacks and require SSH keys.<\/span>\n<span class=\"hljs-comment\"># In \/etc\/ssh\/sshd_config:<\/span>\n<span class=\"hljs-comment\"># Enforces key-based authentication only<\/span>\nPasswordAuthentication no\n<span class=\"hljs-comment\"># Make sure all users have SSH keys set up before applying this setting.<\/span>\n\n<span class=\"hljs-comment\"># 6. 
Set Up Fail2ban to Ban IPs after Multiple Failed Login Attempts<\/span>\n<span class=\"hljs-comment\"># Fail2ban automatically bans IPs with repeated failed login attempts, preventing brute-force attacks.<\/span>\n<span class=\"hljs-comment\"># Install and configure Fail2ban:<\/span>\nsudo apt update\nsudo apt install fail2ban\n<span class=\"hljs-comment\"># Edit Fail2ban config in \/etc\/fail2ban\/jail.local to enable SSH protection:<\/span>\n&#91;sshd]\nenabled = <span class=\"hljs-keyword\">true<\/span>\nmaxretry = <span class=\"hljs-number\">5<\/span>\n<span class=\"hljs-comment\"># Ban IP for 10 minutes after 5 failed attempts (comment kept on its own line; Fail2ban treats '#' as a comment only at the start of a line)<\/span>\nbantime = <span class=\"hljs-number\">600<\/span>\n\n<span class=\"hljs-comment\"># 7. Enable UFW or iptables Rate Limiting for SSH Connections<\/span>\n<span class=\"hljs-comment\"># UFW:<\/span>\nsudo ufw limit <span class=\"hljs-number\">22<\/span>\/tcp        <span class=\"hljs-comment\"># Limits SSH to 6 attempts per 30 seconds (default)<\/span>\n\n<span class=\"hljs-comment\"># iptables (for custom limits, e.g., 10 attempts in 5 minutes):<\/span>\nsudo iptables -A INPUT -p tcp --dport <span class=\"hljs-number\">22<\/span> -m state --state <span class=\"hljs-keyword\">NEW<\/span> -m recent --set\nsudo iptables -A INPUT -p tcp --dport <span class=\"hljs-number\">22<\/span> -m state --state <span class=\"hljs-keyword\">NEW<\/span> -m recent --update --seconds <span class=\"hljs-number\">300<\/span> --hitcount <span class=\"hljs-number\">11<\/span> -j DROP\n\n<span class=\"hljs-comment\"># 8. 
Implement Two-Factor Authentication (2FA) for SSH<\/span>\n<span class=\"hljs-comment\"># Use 2FA for additional security, requiring a second authentication factor.<\/span>\n<span class=\"hljs-comment\"># Install Google Authenticator or another 2FA tool:<\/span>\nsudo apt install libpam-google-authenticator\ngoogle-authenticator        <span class=\"hljs-comment\"># Run the setup per user<\/span>\n<span class=\"hljs-comment\"># Configure SSH to require 2FA in \/etc\/pam.d\/sshd and \/etc\/ssh\/sshd_config.<\/span>\n\n<span class=\"hljs-comment\"># 9. Monitor SSH Activity with Logging and CloudWatch Alarms<\/span>\n<span class=\"hljs-comment\"># Enable SSH logs to monitor failed attempts, and set up alerts for suspicious activity.<\/span>\n<span class=\"hljs-comment\"># Check \/var\/log\/auth.log on Ubuntu:<\/span>\nsudo tail -f \/<span class=\"hljs-keyword\">var<\/span>\/log\/auth.log\n<span class=\"hljs-comment\"># On AWS, enable CloudWatch Alarms to notify you of spikes in SSH traffic.<\/span>\n\n<span class=\"hljs-comment\"># 10. Enable AWS Shield Advanced for DDoS Protection (for Enterprise-Level Protection)<\/span>\n<span class=\"hljs-comment\"># AWS Shield Advanced offers dedicated DDoS protection for high-risk applications, including protections for EC2.<\/span>\n<span class=\"hljs-comment\"># It provides additional support and monitoring for DDoS attacks targeting your instance.<\/span>\n\n<span class=\"hljs-comment\"># 11. 
Enable VPC Flow Logs to Track Suspicious SSH Traffic<\/span>\n<span class=\"hljs-comment\"># VPC Flow Logs capture IP traffic going to and from your EC2 instance.<\/span>\n<span class=\"hljs-comment\"># Analyze these logs to detect unusual SSH connection patterns.<\/span>\n<span class=\"hljs-comment\"># Steps:<\/span>\n<span class=\"hljs-comment\"># - Go to VPC Console &gt; Flow Logs &gt; Create Flow Log.<\/span>\n<span class=\"hljs-comment\"># - Enable logs and store in CloudWatch or S3 for review.<\/span>\n\n<span class=\"hljs-comment\"># Summary<\/span>\n<span class=\"hljs-comment\"># - Use IP restrictions, VPNs, and non-standard ports to limit access.<\/span>\n<span class=\"hljs-comment\"># - Implement SSH session limits, Fail2ban, and rate-limiting to control connection frequency.<\/span>\n<span class=\"hljs-comment\"># - Use 2FA and key-based authentication for enhanced security.<\/span>\n<span class=\"hljs-comment\"># - Monitor and log SSH activity to stay proactive in detecting and handling potential threats.<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>","protected":false},"excerpt":{"rendered":"<p>List of Commands to Check, Add, Edit Firewall configuration of SSH in ubuntu Here is a comprehensive set of commands for managing SSH firewall configurations on Ubuntu,&#8230; 
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-47417","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/47417","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=47417"}],"version-history":[{"count":5,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/47417\/revisions"}],"predecessor-version":[{"id":47422,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/47417\/revisions\/47422"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=47417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=47417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=47417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}