
Arch Linux: SSH, Firewall (ufw)

1. SSH Service Security Settings

The SSH service is configured in "/etc/ssh/sshd_config".
In this case, we will change the default SSH port 22 to 2244.
Edit /etc/ssh/sshd_config as follows.

■Line 14: add SSH connection port 2244
#port 22
Port 2244
■Line 16: uncomment
#ListenAddress 0.0.0.0
↓
ListenAddress 0.0.0.0
■Line 33: uncomment
#PermitRootLogin prohibit-password
↓
PermitRootLogin prohibit-password

Restart SSH service

2. Firewall (ufw)

2.1 Install

After installation, the service status shows "Active: inactive (dead)", which confirms that the ufw service is stopped.

2.2 Enable ufw

2.3 Firewall rule settings
When ufw is enabled, default firewall rules are applied.
If you enable it as is, you may lose communication with the server, so set basic rules before enabling ufw.

Default rule for incoming packets
First, set the rule for incoming packets. The general rule is to deny all incoming packets except for specific communications. Execute "ufw default deny incoming" to deny all incoming packets by default.

Default rule for outgoing packets
The general rule is to allow all outgoing packets. Execute "ufw default allow outgoing" to allow outgoing packets by default.

2.4 SSH Port Permissions
ufw will be set to start automatically, but enabling it before SSH is permitted may cut off remote SSH connections, so allow the SSH connection first. Allow the SSH port 2244 configured above with the following command.

2.5 Confirmation of ufw settings
After enabling ufw, check the rules configured in the firewall with "ufw status verbose".
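
A pre-flight check for the lock-out risk described in 2.3 and 2.4, as an added example that is not part of the original page: it reads the port(s) from an sshd_config and verifies that a rule listing in the format printed by "ufw show added" allows each of them. The function names and the sample files are constructed for illustration, and Include files and ports given on ListenAddress lines are assumed not to be in use.

```shell
#!/bin/sh
# Added example: lock-out pre-flight check to run before "ufw enable".

# Print each port sshd listens on per the given config (default 22).
# Keywords are case-insensitive; commented-out lines never match.
# Assumption: no Include files or port-bearing ListenAddress lines.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Read a rule listing in "ufw show added" format on stdin; succeed if
# an allow/limit rule names the port, bare or with /tcp.
ufw_allows_port() {
    awk -v p="$1" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            for (i = 3; i <= NF; i++)
                if ($i == p || $i == p "/tcp") ok = 1
        }
        END { exit !ok }'
}

# Report every sshd port; return 1 if any has no matching rule.
preflight() {
    rc=0
    for port in $(sshd_ports "$1"); do
        if ufw_allows_port "$port" < "$2"; then
            echo "ok: $port/tcp allowed"
        else
            echo "BLOCKED: $port/tcp (fix: ufw allow $port/tcp)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input mirroring the settings on this page.
demo_dir=$(mktemp -d)
printf '%s\n' '#port 22' 'Port 2244' 'ListenAddress 0.0.0.0' \
    'PermitRootLogin prohibit-password' > "$demo_dir/sshd_config"
printf '%s\n' 'Added user rules:' 'ufw allow 2244/tcp' > "$demo_dir/good.rules"
printf '%s\n' 'Added user rules:' 'ufw allow 22/tcp' > "$demo_dir/stale.rules"

preflight "$demo_dir/sshd_config" "$demo_dir/good.rules" || true
preflight "$demo_dir/sshd_config" "$demo_dir/stale.rules" || true
# On a live host (root): ufw show added > rules.txt
#                        preflight /etc/ssh/sshd_config rules.txt
```

The second call reports the case this section warns about: a rule left over for port 22 while sshd has moved to 2244.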

2.6 Disabling IPv6

2.7 Restart ufw

3. SSH connection with authentication using public key cryptography

The method is the same as in other distributions, so we omit it.
Please refer to the following and others.
