this post was submitted on 19 Oct 2023
2 points (100.0% liked)


I am back with another published article.

Ideogram.ai: penguin in a server room covered in ice and snow, whole picture made out of green matrix style lines of code, cinematic

Please be kind! I am a self-taught Linux user and by no means an expert. My goal with this guide is to help newcomers to Linux have an easier and more secure start.

To all the experts out there, please be kind and do share your tips and observations. I am happy to keep updating the article to make the self-hosting world more secure.

https://nerdyarticles.com/debian-server-essentials-setup-configure-and-hardening-your-system/

[–] jammsession@alien.top 1 points 1 year ago (3 children)

PermitRootLogin I would set to yes.

sudo systemctl restart ssh will only restart your ssh client and not the ssh server you try to restart. Use sshd instead.

I personally find it easier to use no root during setup and import my ssh keys from GitHub using ssh-import-id.

UFW doesn't harm, but if the host is on your Proxmox Hypervisor, it is probably behind a deny all incoming firewall anyway. That is also why I would leave IPv6 on.

Like others have noted, Crowdsec is a little bit more complex to set up but also offers more features. As a side note, Fail2ban is unfortunately not IPv6 ready.

[–] KillerTic@alien.top 1 points 1 year ago (2 children)

Thanks for the advice!

Why would you leave PermitRootLogin to yes? Doesn’t really matter, if root cannot log in anyways?!

You are right on restarting sshd. That’s a typo…

Another user also mentioned to not fill out the root password and it will disable root + install sudo. Guess I didn’t read the instructions properly. Will definitely be adopted.

I agree on importing from GitHub, but I am unsure how many people have their keys there…

UFW on a virtual machine might not be needed, but also not really harmful. I do like having it on every machine for peace of mind. Also this guide can be used for bare metal installs.

Crowdsec is on the todo list!

Thanks again. I will keep updating my article 😊

[–] jammsession@alien.top 1 points 1 year ago (1 children)

> Why would you leave PermitRootLogin to yes? Doesn’t really matter, if root cannot log in anyways?!

Just like you don't really need UFW, not really harmful and for peace of mind :)

But to be honest, I am no expert either. I look at your config and think, just leave everything at default besides these two:

PubkeyAuthentication yes
PasswordAuthentication no

Things like

MaxAuthTries 3

don't matter for public key auth.

[–] KillerTic@alien.top 1 points 1 year ago

Yeah, and I went through it thinking, let’s make it as secure as possible without 100% knowing the effect…

You need password auth for copying your key, don’t you? Unless you import it during the install…
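
An added example, not part of any comment in this thread and not from the linked article: a small check of the effective sshd settings the thread discusses, run over the output of `sshd -T`. The function name `audit_sshd` and both sample inputs are constructed for illustration; it also looks at keyboard-interactive auth, which can still accept passwords through PAM when `PasswordAuthentication` is `no`.

```shell
#!/bin/sh
# Audit effective sshd settings. Input: `sshd -T` output, which prints
# every option in lowercase as one "keyword value" pair per line.
audit_sshd() {
    # Prints one finding per line; returns 0 only if password logins
    # are fully off and public key auth is on.
    awk '
        { opt[$1] = $2 }
        END {
            bad = 0
            if (opt["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not yes"; bad = 1
            }
            if (opt["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not no"; bad = 1
            }
            # Keyboard-interactive (PAM) can still prompt for a password.
            # Older OpenSSH reports it as challengeresponseauthentication.
            kbd = opt["kbdinteractiveauthentication"]
            if (kbd == "") kbd = opt["challengeresponseauthentication"]
            if (kbd != "no") {
                print "FAIL keyboard-interactive auth is not no"; bad = 1
            }
            # With passwords off, "yes" still lets root log in by key.
            if (opt["permitrootlogin"] == "yes")
                print "NOTE permitrootlogin yes: root key logins allowed"
            if (!bad) print "OK password logins disabled, key auth enabled"
            exit bad
        }'
}

# Constructed sample input, shaped like `sshd -T` output.
SAMPLE_HARDENED='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
permitrootlogin yes
maxauthtries 6'

SAMPLE_WEAK='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes
permitrootlogin no'

# On a real host, as root: sshd -T | audit_sshd
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd
printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || true
```

Running `sshd -t` before restarting the service catches syntax errors in the config while the current session is still open.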