How to secure a CentOS server using Secure Remote Login Protocol (SSH)

WBOY
Release: 2023-07-05 13:53:21
Original
996 people have browsed it

How to use the secure remote login protocol (SSH) to protect the CentOS server

With the development of the network, remote login to the server has become an indispensable way to manage the server. However, traditional remote login protocols (such as telnet) have security issues, so SSH (Secure Shell) has quickly become the preferred remote login protocol. In this article, we will discuss how to protect your CentOS server using SSH to ensure the security and integrity of your data.

SSH is an encrypted network protocol that allows secure remote login over insecure networks. It uses public key cryptography to verify the identity of the server and encrypts and decrypts data through a combination of public and private keys.

First, we need to ensure that the CentOS server is using the latest version of SSH. You can check the current SSH version through the following command:

ssh -V
Copy after login

If SSH is not installed in your system, you can use the following command to install it:

yum install openssh-server
Copy after login

After the installation is completed, we need to perform SSH Some configurations to improve server security.

First, we need to disable SSH root login. This is because the root user has the highest privileges and is vulnerable to attackers. We can disable root login by editing the SSH configuration file:

vi /etc/ssh/sshd_config
Copy after login
Copy after login

Find the following line and modify it to no:

PermitRootLogin no
Copy after login

Save and close the file. Then, reload the SSH service for the changes to take effect:

systemctl reload sshd
Copy after login

Next, we can set a stronger password policy. We can achieve this by editing the PAM (Pluggable Authentication Modules) configuration file:

vi /etc/pam.d/system-auth
Copy after login

Find the following line and modify it to the following:

password    requisite     pam_pwquality.so try_first_pass retry=3 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=8
Copy after login

This will set the password policy to require that the password contains at least 8 characters, and must have one number, one uppercase letter, one lowercase letter and one special character.

Then, we can configure the security options of SSH. We can do this by editing the SSH configuration file:

vi /etc/ssh/sshd_config
Copy after login
Copy after login

Find the following line and modify it to the following:

PermitEmptyPasswords no
MaxAuthTries 3
AllowUsers username
Copy after login

This will disable empty password logins and limit the number of authentication attempts to 3 times and only allow specified users to log in.

Finally, we can also improve the security of SSH by using public key authentication. First, generate the public and private keys on the client. You can generate it using the following command:

ssh-keygen
Copy after login

Then, add the public key to the server's authorized_keys file:

ssh-copy-id username@server_ip
Copy after login

After entering the server password, the public key will be automatically copied to the server. This allows you to authenticate using your private key without entering a password.

Through the above steps, we have successfully improved the security of the CentOS server. When you log in remotely, using the SSH protocol will ensure the secure transmission of data and the security of the server.

Summary:
This article introduces how to use SSH to protect CentOS servers. We can improve server security by disabling root logins, configuring password policies, setting security options, and using public key authentication. Remote login using the SSH protocol ensures the secure transmission of data and the security of the server. As server managers, we should always pay attention to the security of the server and regularly check and update relevant configurations to ensure the security and stability of the server.

The above is the detailed content of How to secure a CentOS server using Secure Remote Login Protocol (SSH). For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template