Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: CryptoBullion on August 19, 2013, 08:58:21 PM



Title: [HOW-TO]Secure your VPS's - stop thiefs
Post by: CryptoBullion on August 19, 2013, 08:58:21 PM
In regards to this topic, I thought I should share this with everyone: https://bitcointalk.org/index.php?topic=277440.0 (7800 XPM stolen from VPS)

For future use of VPN, I urge everyone to do this:


Code:
apt-get update && apt-get --yes upgrade

useradd -m -G sudo,adm -s /bin/bash yournewusername

passwd root

Start a text file on your home PC and start beating up your keyboard; use the shift key and numbers to get special chars. About 20-50 chars long should do.

It should look like

!W45ygbw4%BN56j8u46m7mki578,o0,5mrn6Uw4b5vy1q34tv13%By2n456@$5y2v#$%t1cf34Tg2v345t24%BY@$YH#%6unh5&U#bv45c@#$!#!#RE$T!#$VQ#$

Save your text file!!!! And don't lose it.

Make two of these passwords, so you can add a secure password to the new user you added.

Code:
passwd yournewusername

Next you should also disable root access

Code:
nano /etc/ssh/sshd_config

Change the permit root login option to no, save the file.

Code:
exit

Log out as root, and log back in using your new username and the password in your text file. Obviously you will just copy/paste the password; right-click on your SSH console to paste it in.

This should prevent anyone from getting into your vps.


Title: Re: [HOW-TO]Secure your VPS's - stop thiefs
Post by: 110110101 on August 19, 2013, 09:04:40 PM
That's a good practice to prevent root's login over ssh, and should be encouraged for anyone running a Linux server.
But this would not stop an admin at the VPS datacenter from snooping around or accessing your files on disk?


Title: Re: [HOW-TO]Secure your VPS's - stop thiefs
Post by: smolen on August 19, 2013, 09:13:26 PM
Quote:
This should prevent anyone from getting into your vps.

Except provider's staff


Title: Re: [HOW-TO]Secure your VPS's - stop thiefs
Post by: CryptoBullion on August 19, 2013, 09:27:41 PM
Quote:
That's a good practice to prevent root's login over ssh, and should be encouraged for anyone running a Linux server.
But this would not stop an admin at the VPS datacenter from snooping around or accessing your files on disk?

Crazy stuff does happen though. I'm sure there is a crook or two somewhere in a VPS company.

I guess if you're really worried about the VPS hosting company, you should encrypt your virtual drive.

TrueCrypt is open source, and there is ecryptfs-utils also.

If you were to encrypt your virtual drive, then change root and user passwords again, and then change the HDD encryption key again over a secure ssh into your new encrypted virtual drive... and you should be good... unless the VPS owners have lots of time on their hands....

I think that is getting a little paranoid, but that should stop a VPS owner dead in their tracks from getting your data.... I suppose you could go as far as installing a VM inside your VPS, and choosing the encrypt during install option, and then ssh into your VM.


Title: Re: [HOW-TO]Secure your VPS's - stop thiefs
Post by: Snail2 on August 19, 2013, 10:22:05 PM
For generating and safely storing passwords Keepass is a good option.


Title: Re: [HOW-TO]Secure your VPS's - stop thiefs
Post by: smolen on August 19, 2013, 10:35:32 PM
Quote:
Crazy stuff does happen though. I'm sure there is a crook or two somewhere in a VPS company.
I guess if you're really worried about the VPS hosting company, you should encrypt your virtual drive.

Encrypting drives won't help, the RAM is still observable by the host. Just don't put your private keys on VPS. (though I'm not sure whether open-source miners can mine without it)


Title: Re: [HOW-TO]Secure your VPS's - stop thiefs
Post by: Snail2 on August 19, 2013, 10:36:41 PM
One more idea. If you have another machine somewhere that is running 24/7, you can send syslogs to this remote machine from your VPS. In this case the attacker can delete the local logs, but as you still have a copy on the remote machine, you can find out what happened.


Title: Re: [HOW-TO]Secure your VPS's - stop thiefs
Post by: 01BTC10 on August 19, 2013, 10:40:47 PM
Way more secure and practical to disable password authentication and use key-based/certificate authentication.
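
An added example, not part of any post in this thread: a shell check for the two sshd_config settings discussed above, the permit root login option from the first post and password authentication from the post just above. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config-style file for
# the two settings discussed in the thread.

# Print the effective value of keyword $2 in file $1 (lowercased), or "unset".
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and '#' starts a comment, so "#PermitRootLogin no"
# changes nothing. Scanning stops at the first Match block.
# Assumes whitespace-separated "Keyword value" lines.
sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Return 0 only if root login and password login are both explicitly "no".
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        v=$(sshd_value "$1" "$kw")
        if [ "$v" = "no" ]; then
            echo "PASS $kw=$v"
        else
            echo "FAIL $kw=$v (want: no)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (not taken from any real host).
samples=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
    'permitrootlogin no' > "$samples/weak"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'Match User backup' '    PasswordAuthentication yes' > "$samples/hardened"

for f in weak hardened; do
    echo "== $f"
    audit_sshd "$samples/$f" || echo "-> $f: not hardened"
done
```

On a real server, sshd -T prints the configuration the daemon would actually use, and an edited sshd_config only takes effect once sshd has been reloaded or restarted.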


Title: Re: [HOW-TO]Secure your VPS's - stop thiefs
Post by: davout on August 19, 2013, 10:44:00 PM
Quote:
start a text file on your home pc and start beating up your keyboard, use the shift key and numbers to get special chars. about 20-50 chars long should do.

No, do this

Code:
$ openssl rand -base64 45


Title: Re: [HOW-TO]Secure your VPS's - stop thiefs
Post by: davout on August 19, 2013, 10:45:03 PM
Quote:
Way more secure and practical to disable password authentication and use key-based/certificate authentication.

If and only if you also have a good passphrase on your key.
You get the convenience too by using ssh-agent.


Title: Re: [HOW-TO]Secure your VPS's - stop thiefs
Post by: infested999 on August 19, 2013, 10:46:43 PM
Quote:
text file [...] password

Never save your password in an unencrypted text file!