Servers exposed to the internet are frequent targets of automated attacks. A user managing a Ubuntu VPS reported experiencing around 150 SSH login attempts per day, despite implementing security measures such as a restrictive firewall, fail2ban, and key-based authentication only. However, there are still critical areas that can be optimized to enhance security and reduce the risk of intrusion.
Main Vulnerabilities Identified
Despite the existing security measures, the server still has some weak points that could be exploited by attackers:
- Allowing SSH access as “root”: Even though password authentication is disabled, allowing SSH login as root is a major security risk.
- Keeping the default SSH port: Using the standard port (22) makes it easier for automated brute-force attacks to target the server.
- Exposing the Minecraft server: Since it’s publicly accessible, it could become an attack vector, especially if it runs third-party mods.
Additional Steps to Strengthen Server Security
1. Disable Root Login via SSH
One of the first and most crucial security measures is to disable direct SSH access for the root user. Instead, create a non-root user with limited privileges and use sudo when elevated permissions are required.
To apply this change, edit the SSH configuration file:
sudo nano /etc/ssh/sshd_configLocate the following line:
PermitRootLogin yesAnd change it to:
PermitRootLogin noThen, restart the SSH service:
sudo systemctl restart ssh2. Restrict SSH Access to a Specific IP
If you always access your server from the same IP address, you can allow SSH connections only from that IP using the firewall:
sudo ufw allow from 192.168.1.100 to any port 22Alternatively, you can use Tailscale SSH, a secure VPN service that eliminates the need to expose SSH directly to the internet.
3. Change the Default SSH Port
Although not a foolproof solution, changing the SSH port can reduce the number of automated login attempts. To do this, edit the SSH configuration file:
sudo nano /etc/ssh/sshd_configFind this line:
#Port 22And change it to another port, such as:
Port 4822Then, restart SSH:
sudo systemctl restart sshAlso, update the firewall rules to allow the new port:
sudo ufw allow 4822/tcp4. Secure the Minecraft Server
Game servers are common attack targets, so it’s important to implement these security measures:
- Never run the game server as root.
- Isolate the service under a dedicated non-privileged user.
- Restrict access with the firewall, allowing connections only from trusted IPs.
- If using mods, ensure they come from trusted sources to avoid potential security vulnerabilities.
5. Use SSH Keys with Ed25519 for Stronger Security
Using SSH keys instead of passwords is essential, but it is recommended to use Ed25519, an elliptic curve cryptography algorithm that offers better security and performance than RSA.
To generate an Ed25519 key:
ssh-keygen -t ed25519 -C "your@email.com"Then, copy it to the server:
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@serverConclusion: Security is an Ongoing Process
A server exposed to the internet is never 100% secure, but implementing these best practices significantly reduces the attack surface. Security is not just about blocking access but also about anticipating vulnerabilities and preparing for potential threats.
Regular updates, log monitoring, and proactive security practices are essential to maintaining a resilient and well-protected server in the long run.
