Setting up public key auth:
# Lists the files in your .ssh directory, if they exist
ls -al ~/.ssh
# Create SSH key with OpenSSH
ssh-keygen
ssh-keygen -t rsa -b 4096 -C "[email protected]"
# start the ssh-agent in the background
eval $(ssh-agent -s)
#Add the SSH private key to the ssh-agent (replace id_rsa with the name of the private key file)
ssh-add ~/.ssh/id_rsa
# Copy to a server
ssh-copy-id -i ~/.ssh/id_rsa user@host
# Test the new key
ssh -i ~/.ssh/id_rsa user@host
Updating the system:
apt-get update
apt-get upgrade
(or use dist-upgrade or full-upgrade) Info: https://askubuntu.com/questions/81585/what-is-dist-upgrade-and-why-does-it-upgrade-more-than-upgrade
For autmoatic updates:
(https://help.ubuntu.com/lts/serverguide/automatic-updates.html)
Check which services are accessible:
sudo netstat -aptn|grep LISTEN
Check for file changes in the past 24 hours:
find /usr -mtime -1 -ls
Change /usr to the directory you wish to search for malicious activity
Install fail2ban:
apt-get install fail2ban