<b>Server Access Hardening SOP</b>
Run before putting any web server into production.
— Step 1: Disable password SSH. Set <code>PasswordAuthentication no</code> and use keys only.
— Step 2: Disable root login. <code>PermitRootLogin no</code>, then sudo from a named user.
— Step 3: Move SSH off port 22 to cut log noise — defense in depth, not a real control.
— Step 4: Restrict by source. Firewall SSH to your VPN or a bastion host, never 0.0.0.0/0.
— Step 5: Use per-person keys, not one shared key. Revoking access means removing one line.
— Step 6: Audit <code>authorized_keys</code> quarterly. Remove keys for people who left.
Run this every time.
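Added example, not from the post: a POSIX sh check for Steps 1, 2 and 6 that parses an sshd_config and an authorized_keys file offline. The config lines, hosts and key blobs in it are constructed samples, and the function names are my own.

```shell
# Added example (not from the Lockdown Ledger post): offline checks for Steps 1, 2 and 6.
# sshd honours the FIRST value it sees for a keyword, so a hardened line appended after a
# permissive one is silently ignored; sshd_effective() mirrors that rule.
# All config lines, hosts and key blobs below are constructed samples, not real keys.

sshd_effective() {  # $1 = config path, $2 = keyword; prints the value sshd would use
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "match" { exit }      # Match blocks are conditional; stop there
        tolower($1) == key     { print $2; exit }
    ' "$1"
}

check_sshd_hardening() {  # $1 = config path; returns 1 if any setting is not hardened
    rc=0
    for kv in PasswordAuthentication=no PermitRootLogin=no; do
        key=${kv%=*}; want=${kv#*=}; got=$(sshd_effective "$1" "$key")
        if [ "$got" = "$want" ]; then echo "OK   $key $got"
        else echo "FAIL $key is '${got:-unset}', want $want"; rc=1; fi
    done
    return $rc
}

audit_authorized_keys() {  # $1 = authorized_keys path; prints "<keytype> <owner>" per key
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        { for (i = 1; i <= NF; i++) if ($i ~ /^(sk-)?(ssh-|ecdsa-)/) break  # skip options
          owner = "UNLABELLED"; if (i + 2 <= NF) owner = $(i + 2)
          print $i, owner }
    ' "$1"
}
DEMO=$(mktemp -d)
cat > "$DEMO/sshd_config.bad" <<'EOF'
PasswordAuthentication yes
PermitRootLogin no
# appended later by a hardening script: sshd ignores it, the first value above wins
PasswordAuthentication no
EOF
cat > "$DEMO/sshd_config.good" <<'EOF'
PasswordAuthentication no
PermitRootLogin no
EOF
cat > "$DEMO/authorized_keys" <<'EOF'
ssh-ed25519 AAAAexampleNotARealKey1 alice@laptop
from="10.8.0.0/16" ssh-ed25519 AAAAexampleNotARealKey2 bob@desk
ssh-rsa AAAAexampleNotARealKey3
EOF
check_sshd_hardening "$DEMO/sshd_config.bad" || echo "-> edit the first occurrence; do not append"
audit_authorized_keys "$DEMO/authorized_keys"   # third key has no owner label: flag it
```

On a live host, <code>sshd -T</code> prints the effective configuration and is the authoritative check; this parser only reproduces the first-value-wins rule so the appended-line mistake is visible without a running daemon.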
Lockdown Ledger
@LockdownLedger