How to secure a CentOS server using Secure Remote Login Protocol (SSH)

How to use the secure remote login protocol (SSH) to protect the CentOS server

With the development of the network, remote login to the server has become an indispensable way to manage the server. However, traditional remote login protocols (such as telnet) have security issues, so SSH (Secure Shell) has quickly become the preferred remote login protocol. In this article, we will discuss how to protect your CentOS server using SSH to ensure the security and integrity of your data.

SSH is an encrypted network protocol that allows secure remote login over insecure networks. It uses public key cryptography to verify the identity of the server and encrypts and decrypts data through a combination of public and private keys.

First, we need to ensure that the CentOS server is using the latest version of SSH. You can check the current SSH version through the following command:

ssh -V

If SSH is not installed in your system, you can use the following command to install it:

yum install openssh-server

After the installation is completed, we need to perform SSH Some configurations to improve server security.

First, we need to disable SSH root login. This is because the root user has the highest privileges and is vulnerable to attackers. We can disable root login by editing the SSH configuration file:

vi /etc/ssh/sshd_config

Find the following line and modify it to no:

PermitRootLogin no

Save and close the file. Then, reload the SSH service for the changes to take effect:

systemctl reload sshd

Next, we can set a stronger password policy. We can achieve this by editing the PAM (Pluggable Authentication Modules) configuration file:

vi /etc/pam.d/system-auth

Find the following line and modify it to the following:

password    requisite     pam_pwquality.so try_first_pass retry=3 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=8

This will set the password policy to require that the password contains at least 8 characters, and must have one number, one uppercase letter, one lowercase letter and one special character.

Then, we can configure the security options of SSH. We can do this by editing the SSH configuration file:

vi /etc/ssh/sshd_config

Find the following line and modify it to the following:

PermitEmptyPasswords no
MaxAuthTries 3
AllowUsers username

This will disable empty password logins and limit the number of authentication attempts to 3 times and only allow specified users to log in.

Finally, we can also improve the security of SSH by using public key authentication. First, generate the public and private keys on the client. You can generate it using the following command:

ssh-keygen

Then, add the public key to the server's authorized_keys file:

ssh-copy-id username@server_ip

After entering the server password, the public key will be automatically copied to the server. This allows you to authenticate using your private key without entering a password.

Through the above steps, we have successfully improved the security of the CentOS server. When you log in remotely, using the SSH protocol will ensure the secure transmission of data and the security of the server.

Summary:
This article introduces how to use SSH to protect CentOS servers. We can improve server security by disabling root logins, configuring password policies, setting security options, and using public key authentication. Remote login using the SSH protocol ensures the secure transmission of data and the security of the server. As server managers, we should always pay attention to the security of the server and regularly check and update relevant configurations to ensure the security and stability of the server.

The above is the detailed content of How to secure a CentOS server using Secure Remote Login Protocol (SSH). For more information, please follow other related articles on the PHP Chinese website!