
Ubuntu Server 18.04 Initial Setup

1. Set the root password and use the su command

2. Initial SSH configuration

3. Setting up SSH key authentication

# Switch to an ordinary user and create an RSA key pair

After this, use WinSCP or something similar to copy the id_rsa file to an appropriate location on Windows.
Rewrite the configuration file to disable password authentication.

Restart SSH service
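The three steps above (key pair, config change, restart) as an added example script, not the article's own commands. The config path is an assumption, and the function that edits the file takes the file as a parameter so it can be tried on a copy first:

```shell
#!/bin/sh
# Added example (not the article's own commands): create an RSA key pair as
# the ordinary user, install the public key, then switch sshd to key-only
# authentication. The config path is an assumption; adjust it for your host.

SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"

# Step 1, run as the ordinary user (not root): the private key id_rsa stays on
# the client; only id_rsa.pub is appended to authorized_keys on the server.
make_keypair() {
  mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh"
  ssh-keygen -t rsa -b 4096 -f "$HOME/.ssh/id_rsa"
  cat "$HOME/.ssh/id_rsa.pub" >> "$HOME/.ssh/authorized_keys"
  chmod 600 "$HOME/.ssh/authorized_keys"
}

# Set one directive in an sshd_config file ($1): rewrite every existing line
# for the key, active or commented out, otherwise append it. sshd uses the
# first occurrence of a directive, so appending a second copy could lose to
# an earlier "PasswordAuthentication yes"; rewriting in place avoids that.
set_directive() {
  f="$1"; key="$2"; val="$3"
  if grep -Eq "^[[:space:]]*#?[[:space:]]*$key[[:space:]]" "$f"; then
    sed -E "s/^[[:space:]]*#?[[:space:]]*$key[[:space:]].*/$key $val/" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
  else
    printf '%s %s\n' "$key" "$val" >> "$f"
  fi
}

# Step 2: disable password logins. On Ubuntu 18.04 ChallengeResponseAuthentication
# must be off as well, otherwise PAM's keyboard-interactive method still
# offers a password prompt even with PasswordAuthentication no.
disable_password_auth() {
  set_directive "$1" PasswordAuthentication no
  set_directive "$1" ChallengeResponseAuthentication no
  set_directive "$1" PubkeyAuthentication yes
}

# Step 3 (run as root, e.g. via sudo sh): validate the file with sshd -t
# before restarting, so a typo cannot leave you without a working sshd.
apply_on_server() {
  disable_password_auth "$SSHD_CONFIG"
  sshd -t -f "$SSHD_CONFIG" && systemctl restart ssh
}
```

Keep the current ssh session open while you test a fresh key-based login from a second window; only then log out of the first one.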

4. Firewalling with UFW

Type the following command to see the status of the ufw configuration

ufw should be disabled at first; the status shows it as inactive.
Type the following command to activate ufw.

You may get the following message.
Command may disrupt existing ssh connections. Proceed with operation (y|n)?
This means "This may interrupt your current ssh connection. Do you want to continue?", and it is displayed when you are connected to the server over ssh.
In my environment, ssh was not disconnected when I entered y (yes), so I think it is safe to enter y.

It is now enabled, as the status shows it as active.
If you run the following command in this state, you will see the various rules that have been written to iptables

If you want to disable ufw, type the following command

Disable all communication once by typing the following command

This will block all communication from the outside. (Note the ssh session you are currently connected with: it may be cut off mid-session, and once you log out it will be impossible to connect via ssh again. Please be careful.) Once all communication is blocked, we can decide which services to allow.
Even with this setting, the only communication that is blocked is communication coming from "outside to inside".
Communication going from inside to outside is not blocked.
Configure the settings
If you want ufw to "allow communication coming to port number xxx", type the following command

On the other hand, if you want to "deny communication coming to port number xxx", type the command as follows

Allow ssh connections
Allow ssh connections so that you can still connect remotely later
To allow ssh connections, type the following command, assuming the ssh port is set to 5001

Attackers will continuously try to access port 5001, entering one password after another in the hope of a coincidental match that lets them log in.
This is called a brute force attack.
As a countermeasure, apply the setting "Do not allow connections from IP addresses that connect repeatedly in a short time".
Type the following command

This will set the rule "Do not allow IP addresses that have attempted to connect more than 6 times in 30 seconds".
Check the settings. You should see something like this

LIMIT (connection rate limiting) is set for port 5001 on both IPv4 and IPv6

Only allow ssh connections from specific networks
Even with the above settings, your ssh port is still exposed to the outside Internet.
Even with a limit on the number of connection attempts, it is still possible that the password will be guessed somehow and a connection established, or that a connection will be established by exploiting a vulnerability.

Therefore, allow ssh connections only from the internal network and do not allow any external ssh connections.

On the local area network there is a host with the IP address 192.168.11.xx.
To allow ssh connections only from this host, or only from its network (192.168.11.0/24), type the following command.

Allow ssh connections from 192.168.11.0/24

If you check your settings, you should see something like this

However, even in this state, rate-limited ssh connections from outside are still allowed.
Therefore, we will remove the rule with the LIMIT.
# Use the following command to display the rule numbers and confirm the settings

Since rules 1 and 3 are not needed, we will delete them by specifying their numbers.

Now that rule #1 has been deleted, delete rule #3 in the same way as above.

Allow access to the web.
Since our goal is to set up a firewall for a web server, we will allow connections to 80 (HTTP) and 443 (HTTPS).
You can allow connections by specifying a port number, or by specifying an application.
You can see the list of applications with the following command.

Allow HTTP (80) and HTTPS (443) connections.
Check your settings; they should look like this
You can now access 80 and 443 (web) from the outside.
Disable ufw for IPv6
After all the work is done
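The whole ufw procedure above (block incoming, allow ssh only from the LAN on port 5001, allow 80 and 443, delete the leftover rules, turn off IPv6 handling) as an added example script; these are not the article's own commands, and the network, port and file path are assumptions. It differs from the article's order in one respect: the ssh allow rule is added before the firewall is enabled, so there is no moment at which a new ssh connection from the LAN would be refused. The deletion helper shows the point worth knowing about numbered rules: ufw renumbers the remaining rules after each delete, so delete from the highest number down:

```shell
#!/bin/sh
# Added example, not the article's own commands: build the ufw rule set the
# article arrives at (ssh only from the LAN on port 5001, HTTP/HTTPS open,
# everything else inbound denied) in an order that cannot cut the session
# you are working from. Network, port and file path are assumptions.

LAN_NET="${LAN_NET:-192.168.11.0/24}"   # assumed internal network
SSH_PORT="${SSH_PORT:-5001}"            # assumed non-default ssh port
UFW_DEFAULTS="${UFW_DEFAULTS:-/etc/default/ufw}"
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print the commands, 0 = run them with sudo

# Run or print one ufw command, depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf 'ufw %s\n' "$*"; else sudo ufw "$@"; fi
}

# The rule set in the safe order: the ssh allow rule goes in BEFORE
# "default deny incoming" and BEFORE "enable", so the firewall never comes up
# in a state that rejects a fresh ssh connection from the LAN.
plan_rules() {
  run allow from "$LAN_NET" to any port "$SSH_PORT" proto tcp
  run default deny incoming      # "outside to inside" is blocked ...
  run default allow outgoing     # ... "inside to outside" is not
  run allow 80/tcp
  run allow 443/tcp
  run --force enable             # --force skips the "Proceed with operation (y|n)?" prompt
}

# Delete rules by number, as shown by "ufw status numbered". The remaining
# rules are renumbered after every deletion, so delete highest number first.
delete_rules() {
  for n in $(printf '%s\n' "$@" | sort -rn); do
    run --force delete "$n"
  done
}

# Turn off IPv6 handling (IPV6=no) in the ufw defaults file given as $1,
# so the function can be tried on a copy before touching /etc/default/ufw.
disable_ipv6() {
  f="$1"
  sed -E 's/^[[:space:]]*#?[[:space:]]*IPV6=.*/IPV6=no/' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
  grep -q '^IPV6=no$' "$f" || printf 'IPV6=no\n' >> "$f"
}

# 1-based position of the first planned command matching $1 (dry run only);
# used to confirm the ordering described above.
plan_index() {
  ( DRY_RUN=1; plan_rules ) | grep -n "$1" | head -n 1 | cut -d: -f1
}
```

With DRY_RUN=1 (the default) the script only prints the commands it would run, which is the form to review first; DRY_RUN=0 executes them with sudo. After `disable_ipv6 /etc/default/ufw`, run `ufw reload` so the change takes effect.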