Today I’ll start a series that I’ve been meaning to commit to writing for some time: the top 5 things to do after you finish installing Trixbox.
Trixbox 2.2 is now out, so if you’ve ever thought about setting up your own VoIP system I would strongly recommend giving Trixbox a try. The Trixbox forums provide a wealth of information, and there is some documentation available from the Trixbox project itself. However, most of the documentation focuses on the installation process, and does not provide a whole lot of information about what to do after your system is installed and running.
With this in mind, I’d like to share some of the things that I think are important to ensuring that your Trixbox system is running smoothly (and securely).
First things first — we need to lock down SSH.
If you’re not familiar with SSH, you should brush up on this remote connection method. Right out of the gate SSH is a more secure way of connecting to a Linux machine than alternatives like Telnet, but that doesn’t mean it’s perfect.
At a minimum, the following steps should be taken to improve SSH security:
- Run SSH on an alternate port (the default is port 22).
- Only use the SSH 2 protocol (SSH 1 is not as secure as 2).
- Do not allow root logins via SSH (in fact, it’s a much better approach to only allow specifically named users to log in via SSH, but never root).
- Use public key authentication, instead of passwords.
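To check a server against the list above, here is a small auditor for the global section of an `sshd_config` file. It is an added example, not part of the original post; the sample configurations, port 2222 and the account name `pbxadmin` are constructed.

```python
# Constructed samples, not taken from a real Trixbox host.
WEAK = """\
Port 22
Protocol 2,1
PermitRootLogin yes
#PasswordAuthentication no
"""
HARDENED = """\
Port 2222
Protocol 2
PermitRootLogin no
AllowUsers pbxadmin
PubkeyAuthentication yes
PasswordAuthentication no
"""

def parse(text):
    """Collect every value per keyword from the global section, in file order."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # a commented-out line sets nothing
            continue
        parts = line.replace("=", " ", 1).split(None, 1)   # "Key value" or "Key=value"
        key = parts[0].lower()                    # keywords are case-insensitive
        if key == "match":                        # conditional blocks are out of scope
            break
        cfg.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return cfg

def first(cfg, key, default=""):
    # For single-valued keywords sshd keeps the first value it reads.
    return cfg.get(key, [default])[0].lower()

def audit(text):
    cfg, out = parse(text), []
    if "22" in cfg.get("port", ["22"]):           # Port may repeat; sshd listens on all
        out.append(("port", "still listening on the default port 22"))
    if first(cfg, "protocol") != "2":             # only relevant where SSH 1 still exists
        out.append(("protocol", "set 'Protocol 2' explicitly"))
    if first(cfg, "permitrootlogin") != "no":
        out.append(("permitrootlogin", "set to 'no'"))
    if "allowusers" not in cfg:
        out.append(("allowusers", "name the accounts allowed to log in"))
    if first(cfg, "pubkeyauthentication", "yes") != "yes":
        out.append(("pubkeyauthentication", "must be 'yes'"))
    if first(cfg, "passwordauthentication", "yes") != "no":
        out.append(("passwordauthentication", "set to 'no' once key login works"))
    return out
```

Confirm that key-based login works in a second session before disabling passwords and restarting sshd, so a mistake does not lock you out of the box.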
There are a number of other helpful tips and tricks available here.
Next up, we’ll walk through the process of backing up a Trixbox system and transferring the backup to a remote machine using scp and cron.