Categories

6
General
 2
Payment
 1
Tips
 4
Troubleshooting
 12
Tutorial

  Categories

  Support

  My Support Tickets   Announcements   Knowledgebase   Downloads   Network Status   Open Ticket

Basic SSH Security Principles for Your Tempest Server Print

  • 0

Strengthen Your Tempest Server Security: Essential SSH Hardening Techniques



Ensuring the security of your server is crucial for protecting your valuable data and resources. Tempest provides excellent DDoS protection, but as a server administrator, you should also implement basic SSH security principles. In this article, we will discuss two practical options for hardening SSH on your server.

Before You Start



Upon receiving your new Tempest server details, whitelist and open port 22 in your firewall to access your server via SSH. Follow this guide to manage your firewall settings from the client area. After opening port 22, you should be able to reach your server within a few minutes.

Option 1: Whitelist Access to Port 22 (Easiest)



Whitelist access to port 22 for only your IP address, ensuring that any other requests are rejected. This method is simple and effective but requires a static IP or a VPN with an unchanging IP. If your IP changes, update your firewall rules to regain access to your server via SSH.

Option 2: Change Default Port and Enable Key-Based Authentication (Medium)



To prevent automated scans exploiting weak SSH security, change the default port from 22 to a new value (e.g., 1882) and enable key-based authentication. Follow these steps:

Update your server by running the appropriate commands for your Linux distribution.
Edit /etc/ssh/sshd_config to change the default port to your chosen value (e.g., 1882) and ensure the line is uncommented.
Update your firewall rules to open the new SSH port.
Restart SSH with the command service sshd restart.
Generate a strong SSH key (e.g., ed25519) on your local machine and add it to your SSH agent.
Copy the key to your Tempest server using the appropriate command.
Modify /etc/ssh/sshd_config on your Tempest server to disable password authentication for both root and non-root users.

Pros: This method prevents scanners from exploiting weak passwords by changing the port number and disabling password authentication.

Cons: Losing your key(s) means losing access to your server. Backup your private keys securely, typically found in ~/.ssh/ on your local system.

Implementing basic SSH security principles is vital for safeguarding your Tempest server. Choose the option that best suits your needs and comfort level with Linux servers. Remember, maintaining server security is an ongoing process that requires vigilance and attention.

Was this answer helpful?

Related Articles

Can I purchase additional IP's Yes you can purchase additional IPv4 Addresses for your service by opening a ticket and... How to contact us? You can reach us by calling +1 602 704 3002 between 9 AM to 5 PM EST if you have an inquiry or... How can I purchase a server from you? If you'd like to order a server from us, the process is very simple! Ordering an instant... Are there any bandwidth limits? All of our servers have no bandwidth limits as they are all unmetered with a 10Gbps dedicated... When will you have more stock for this machine? If we're out of stock for a machine on our website, we're probably looking at sending more stock...
« Back

  Support

  My Support Tickets   Announcements   Knowledgebase   Downloads   Network Status   Open Ticket