Are RSA keys required for LAN just arrangements?
I have actually an SSH mounted on my Ubuntu web server. I can log right into it from my Ubuntu desktop, making use of a customer and also a password. I can just access SSH from my LAN, given that the SSH port is not sent on my router. Do I require to set up an RSA key for an arrangement similar to this? From what I recognize the SSH is safe and secure given that it can not be accessed from the Internet.
On a side note, what various other points should I check for protection? I have Apache, MySQL and also ProFTPD running.
Do you require to make use of keys? No. Yet it certain comes to be a whole lot easier to utilize them as soon as you have extra after that one web server, or if you ever before need to manuscript some kind job that will certainly call for ssh accessibility.
If your certain that just authorised customers can get accessibility to your LAN, after that a username and also password needs to be adequate. Absolutely nothing is ever before mosting likely to be entirely safe and secure, you require to ask on your own, is it adequate?
If your web server is just accesible using your LAN, and also your not bothered with individuals getting to it, by WiFi hacks, or physical network accessibility, after that username/password verification is probabley adequate.
As a side note, it is really, really simple to arrangement passwordless logins with SSH, so you might intend to attempt that:
$ ssh-keygen -t rsa # if you don't already have your key pair $ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
And after that you wont be requested for a password each time you login to your web server
I do not mind getting in a password for SSH. For included protection nonetheless, I would certainly advise making it possible for the Ubuntu Firewall ufw, which is mounted yet disabled on Jaunty by default. It is very easy to enable and also set up:
sudo ufw enable
EDIT: Don't do this first if you are attaching from another location or you'll lock on your own out! It is more secure to enable last as soon as you make certain all your regulations remain in area. See Olaf is comment listed below.
Default obstruct every little thing
sudo ufw default deny
Allow TCP on prt 22 for SSH:
sudo ufw allow 22/tcp
Delete this regulation (if essential later on):
sudo ufw delete allow 22/tcp
In enhancement to port 22, you'll intend to permit website traffic to port 3306 for MySQL, 80 for Apache, and also 20 & 21 by default for ProFTPD.
You can examine your regulations conveniently also:
sudo ufw status
Lastly, you can create extra great - grained regulations to details hosts or subnets:
ufw allow proto tcp from 192.168.0.0/24 to 192.168.0.1 port 22
After you set up, disable and also re - enable ufw to use.