{"id":95,"date":"2013-05-18T21:35:17","date_gmt":"2013-05-18T21:35:17","guid":{"rendered":"http:\/\/blog.shineservers.com\/?p=95"},"modified":"2013-05-18T21:35:17","modified_gmt":"2013-05-18T21:35:17","slug":"how-to-secure-ssh-in-centos","status":"publish","type":"post","link":"https:\/\/www.shineservers.com\/2013\/05\/18\/how-to-secure-ssh-in-centos\/","title":{"rendered":"How to secure SSH in Centos"},"content":{"rendered":"

When you first begin to approach your newly installed server, there are a few early steps you should take to make it more secure from hackers. The first tasks can include setting up a new user, providing them with the proper privileges, and configuring SSH.<\/p>\n

Step One \u2014 Login via Root\u00a0<\/b><\/p>\n

\"\"<\/p>\n

Step Two \u2014 Change Your Password For Root<\/b><\/p>\n

\"\"<\/p>\n

CentOS is very cautious about the passwords it allows. After you type your password, you may see a BAD PASSWORD notice. You can either set a more complex password or ignore the message .<\/p>\n

Step Three \u2014 Creating a New User For Root privileges<\/b><\/p>\n

First, create your user; you can choose any name for your user.<\/p>\n

\n
[code]adduser username[\/code]<\/pre>\n<\/div>\n
For example here I\u2019ve suggested\u00a0secure<\/b>\u00a0as a user .<\/p>\n
\"\"<\/p>\n
Second, create a new user password :<\/b><\/p>\n
\n
[code]passwd secure[\/code]<\/pre>\n<\/div>\n
\"\"<\/p>\n
Step Four \u2014 Assigning Root Privileges<\/b><\/p>\n
As of yet, only root has all of the administrative capabilities. We are going to give the new user the root privileges.<\/p>\n
Let\u2019s go ahead and edit the sudo configuration. This can be done through the default editor, which in CentOS is called \u2018vi\u2019<\/p>\n
\n
[code]\/usr\/sbin\/visudo[\/code]<\/pre>\n<\/div>\n
\"\"<\/p>\n
Find the section called user privilege specification and add the similar line below it .<\/p>\n
To began typing in vi, press \u201ca\u201d.<\/p>\n
\n
[code]secure    ALL=(ALL)       ALL[\/code]<\/pre>\n<\/div>\n
\"\"<\/p>\n
Then to save and exit press escape , then press “:w” to write the file and to quit press “:q” .<\/p>\n
Step Five \u2014 Configuring SSH To Disable Root Login<\/b><\/p>\n
Open the configuration file<\/p>\n
\n
[code]sudo vi \/etc\/ssh\/sshd_config[\/code]<\/pre>\n<\/div>\n
It will then look something like this :<\/p>\n
\"\"<\/p>\n
Find the following sections and change the information where applicable:<\/p>\n
Port 750\u00a0<\/b>( <– you can change it to any port , it will disable 22 as default port for accessing ssh)
\nProtocol 2<\/b>
\nPermitRootLogin no<\/b>\u00a0( <– This will disable direct root login )<\/p>\n
It will then look something like this :-<\/p>\n
\"\"<\/p>\n
Once the above is done , just add the below line to the bottom of the document, replacing secure with your username:<\/p>\n
\n
[code]AllowUsers secure[\/code]<\/pre>\n<\/div>\n
Save and Exit<\/p>\n
Step Six \u2014 Reload and Done!<\/b><\/p>\n
Reload SSH, and it will implement the new ports and settings.<\/p>\n
\n
<\/div>\n
[code]service sshd restart[\/code]<\/pre>\n<\/div>\n
\"\"<\/p>\n
Finally you can login to your SSH using the user secure with port 750 .<\/p>\n
\"\"<\/p>\n
\"\"<\/p>\n
I hope this will help and few users to secure the SSH from unauthorized people .<\/p>\n","protected":false},"excerpt":{"rendered":"
When you first begin to approach your newly installed server, there are a few early steps you should take to make it more secure from hackers. The first tasks can include setting up a new user, providing them with the proper privileges, and configuring SSH. Step One \u2014 Login via Root\u00a0 Step Two \u2014 Change […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[60],"tags":[66],"class_list":["post-95","post","type-post","status-publish","format-standard","hentry","category-linux","tag-secure-ssh-centos"],"acf":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts\/95","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/comments?post=95"}],"version-history":[{"count":0,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts\/95\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/media?parent=95"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/categories?post=95"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/tags?post=95"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}