Wednesday, October 22, 2014

CentOS 7 How to secure SSH service

I haven't had any time to play with CentOS 7 since it launched.

Here are my steps to set up the SSH service on CentOS 7:

1. sudo

2. Configure SSH to disable remote root login

vi /etc/ssh/sshd_config

PermitRootLogin no


3. Configure SSH to use a high random port
Most port-scanning tools start from the low port numbers: 1, 2, 3 ... 20, 21, 22, 23 ... 10000.
To make the work of "my friends" a little harder and secure SSH, simply give it a high random port number such as 44022:
vi /etc/ssh/sshd_config

Port 44022


4. Tell SELinux to pick up the new port
semanage port -a -t ssh_port_t -p tcp 44022


5. Update firewalld to allow the new port
vi /usr/lib/firewalld/services/ssh.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
  <port protocol="tcp" port="44022"/>
</service>

Now restart sshd and reload firewalld:
# systemctl restart sshd.service
# firewall-cmd --reload
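
A pre-restart check for steps 2 to 5, added here as an example and not part of the original post: it confirms that root login is disabled and that every port sshd will listen on is opened by the firewalld service file, so a port change does not lock you out. The function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example: function names and sample files are assumptions, not from the post.

# Print every global value of an sshd_config keyword (keywords are
# case-insensitive; "Key value" and "Key=value" are both accepted by sshd).
# Parsing stops at the first Match block, which only holds conditional overrides.
sshd_values() {  # $1 = keyword, $2 = path to sshd_config
    awk -F'[ \t=]+' -v key="$1" '
        { sub(/^[ \t]+/, "") }
        /^#/ || $0 == "" { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2 }
    ' "$2"
}

# Print the TCP ports opened by a firewalld service definition.
fw_tcp_ports() {  # $1 = path to service XML
    grep '<port ' "$1" | grep 'protocol="tcp"' |
        sed -n 's/.* port="\([0-9][0-9]*\)".*/\1/p'
}

# Return 0 only if root login is disabled and every sshd port is in the XML.
check_ssh_setup() {  # $1 = sshd_config, $2 = firewalld service XML
    rc=0
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)  # first value wins
    [ "$root" = "no" ] ||
        { echo "PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1; }
    ports=$(sshd_values Port "$1")
    [ -n "$ports" ] || ports=22  # sshd listens on 22 when no Port line exists
    for p in $ports; do
        fw_tcp_ports "$2" | grep -qx "$p" ||
            { echo "sshd port $p is not opened by $2"; rc=1; }
    done
    return $rc
}

# Constructed sample files: sshd moved to 44022, firewall service still on 22.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 44022' 'PermitRootLogin no' > "$demo/sshd_config"
printf '%s\n' '<service>' '  <short>SSH</short>' \
    '  <port protocol="tcp" port="22"/>' '</service>' > "$demo/ssh.xml"
check_ssh_setup "$demo/sshd_config" "$demo/ssh.xml" ||
    echo "mismatch: fix it before restarting sshd"
rm -rf "$demo"
```

On the real host, point check_ssh_setup at /etc/ssh/sshd_config and the edited ssh.xml. `sshd -t` validates the configuration syntax and `semanage port -l` lists the ports labelled ssh_port_t.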


Reference: http://wiki.centos.org/HowTos/Network/SecuringSSH
