sudo Sergeant 19: Hardening the Secure Shell

tariq.ahmad — Mon, 13 Aug 2018 23:01:34 GMT

Current Revision posted to Documents by tariq.ahmad on 8/13/2018 11:01:34 PM

Join the Ben Heck team every week for amazing hacks! Watch them build and mod community-inspired projects using electronics!

Back to The Ben Heck Show homepage

sudo Sergeant

The Learning Circuit

See All Episodes

www.youtube.com/watch

Felix goes over some basic and essential security configurations for the Raspberry Pi. He does this for the Raspbian install, however, what he shows you can be applicable to other single board computers or distributions with slight modifications. Modifying the security settings of the Raspberry Pi will allow you to connect to the network more securely.

Felix goes over modifying the sudoers file. This file manages how sudo is invoked and what groups or accounts are bestowed with the privileges of sudo. A secure practice is to require an account with sudo privileges to supply a password when calling any program with sudo. Some system administrators like to require anyone logged into the account to also know the root password. The only thing Felix is requiring is for the person to know the passphrase for the account in the sudo group.

He also shows you how to create a new key pair. A key pair consists of a public and a private key. He starts by issuing a key gen instruction via SSH. He then shows you how to install and setup fail2ban. Fail2ban is a service that can track failed attemps to the SSH port and if an IP address fails repeatedly, the IP address can be blocked for a period of time, or indefinitely. In the comments below let us know if there is anything related to security that you would like us to go into more detail about.

Tags: tft screen, security, ip address, sudoers, ssh, system administration, key pair, fail2ban, raspbian, sudosergeant, linux