In this lab, I established an SSH connection from macOS to an Ubuntu server and demonstrated key techniques for securing a Linux system. The lab focused on hardening SSH access by disabling root login, configuring key-based authentication, and restricting access to the server. I also implemented firewall rules using UFW, allowing only necessary services while blocking all other traffic. Additionally, I tested network configurations with tools like Nmap and Netcat to verify security measures. This project highlights my ability to manage secure remote access and configure network security in a Linux environment.
Steps:
-
Enabled SSH services on the terminal
- Sudo apt update && sudo apt upgrade -y (Check for updates & upgrades, if needed)
-
Installed open SSH server
- Sudo apt install openssh-server
-
Checked to make sure ssh is actually running
- Sudo systemctl status ssh
- ip a (to find server's ip address)
-
Opened my Mac’s terminal (I have used PuTTy for a pervious project)
- Ping 192.168.64.11 (my Ubuntu server’s ip) to see if it is working properly
- ssh -v ella@ubuntuu or ssh ella@192.168.64.11 to successfully SSH into my Ubuntu server
- Ran a few commands in the Ubuntu server
-
Whoami
-
Uname -a
-
Ls(to view the files in my current directory)
-
Exit (to exit the SSH session)
Steps:
-
Ensured UFW is installed and active on my Ubuntu server
- sudo apt update && sudo aot install ufw
- Allowed SSH access
- sudo ufw allow ssh
- Denied all other incoming traffic
- sudo ufw default deny incoming && sudo ufw default allow outgoing
- Enabled UFW and checked status
-
sudo ufw enable
-
sudo ufw status verbose
SSH Hardening
- Opened the SSH configuration file
-
sudo nano /etc/ssh/sshd_config
-
change PermitRootLogin to no
- Restart the SSH service to apply changes
- sudo systemctl restart ssh
Test the Connectivity
- Tested the SSH connection on my macOS terminal
- ssh ella@192.168.64.11
- Used nmap on my macOS terminal to check for open ports (only port 22 should be open)
- nmap -sS 192.168.64.11
- Used netcat to test if the server can communicate over specific ports
- nc lvp 1234
- Send data from my macOS terminal
- nc 192.168.64.11 1234
Monitoring Logs
- I reviewed login attempts:
- sudo tail -f journalctl (or /var/log/auth.log)
