Coti Node Hardening Guide — Part 2
We are now going to change the default SSH port number so that bots and anyone else trying basic techniques should not find us immediately :)
Login to your node as the root user if you haven’t already done so.
Type the following into the putty terminal and press enter.
nano /etc/ssh/sshd_configYou will then get a screen similar to below.
Navigate down to #Port 22. We need to remove the hash from the front to enable the setting and change the port to a high number between say 2000 and 60000. I went for 4666 but i could have easily just as well chosen 26519. You MUST remember this number. I will refer to this as YOUR PORT NUMBER a bit later in the article.
It should look something like the above once you Press Ctrl + X.
Then I pressed Y to save buffer and then Enter to confirm the save changes.
Configuring the UFW (Uncomplicated Firewall)
Using UFW is a great and easy way to manage firewall rules on Ubuntu. In my opinion we need to add LIMIT on to our SSH connection that we created in Wolfs guide.
This will help deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds.
This is essential to assist us to protect against brute-force login attacks from a software level.
Please remember to use YOUR PORT NUMBER in place of 4666 below. Failure to do this could see you LOCKED OUT of your node.
sudo -S ufw limit 4666Now that we have added in our port, lets look at the list of rules and have Ubuntu number them also.
sudo ufw status numbered
We can see our port number has been added with a LIMIT action which is great. On my system it has been labelled number 5 but on your system it might be different. Take note of the number at the beginning in square brackets. If we want to remove a line we use this number.
Removing the port for 22
Look in your list on your screen and find the item that mentions port number 22. There is likely to be 2 items. One with (v6) on the end and one without. Lets look at the one without (v6) .
On my screenshot it is at position number 1. On your screen it could easily be a different number.
Swap the letter X below with the number against your port 22 and run the command. I will be running ufw delete 1.
ufw delete XIt will then ask if you want to proceed with delete.
Note: Only confirm if you definitely see YOUR PORT NUMBER in there with a LIMIT IN action against it. i.e. I can see my 4666 in there so its ok for me to continue.
Now once we have deleted like the screenshot shows above, lets have a fresh look at the list.
sudo ufw status numberedFind the port 22 (v6) line now as it might now be on a different number.
You can see its on my number 5 but on yours it might be different.
Again im going to delete it. Replace X below with the correct number on YOUR screen that references port 22. Ill be running ufw delete 5.
ufw delete X
Lets see the list one more time it should not have any mention of port 22.
sudo ufw status numberedYou will see that port 22 is now nowhere to be seen. Nice!
Run the following command to restart the sshd service.
service sshd restartNow close the putty window as we will now configure the putty connection and reconnect on the new port number.
Finally changing the port number to connect to on Putty
Now open putty on your machine and change the port on your session like I did below. Remember to use your port number, the port number you picked. Then click on the session you use or default settings, then click Save (see below).
That’s you ready to reconnect to your Node on its new port number!
Click Open to try it and cross your fingers!
If you have followed up to now you are doing awesome man, your node will definitely be a lot harder than it was previously to penetrate. There is obviously more we could do, i.e. only allow certain IP addresses i.e. your home IP to connect to the node but that might be for a future article.
Note: For the more paranoid amongst us, If you wanted to be really sure about your ports you could even launch a very cheap secondary VPS, install nmap, which is a port scanning application and run a port scan to your VPS. If you wanted to check that here’s a guide here: https://kyup.com/tutorials/use-nmap-scan-open-ports-vps/ . If you do run a scan with nmap look out for open AND closed ports and ignore the filtered ones. Closed means that there isn’t a service running on it currently but the firewall did NOT block it. You would not want to see Port 22 open OR closed if you had moved SSH to a different port above.
That is the end of Part 2! — Part 3 coming very soon please check back often!
Need a VPS for your COTI node?
If you have got this far it is likely that you already have a node, but if not, my referral link will get you access to $100 credit to test out VULTR*: https://www.vultr.com/?ref=8377274-6G
* Duplicate accounts not eligible. Referred customer must link a valid credit card or Paypal method to be eligible for the $100 credit. Note: Unused portion of $100 credit expires after 30 days.
