Home Operation and Maintenance Linux Operation and Maintenance How to secure a CentOS server using Secure Remote Login Protocol (SSH)

How to secure a CentOS server using Secure Remote Login Protocol (SSH)

Jul 05, 2023 pm 01:53 PM
safety protection centos server Remote login protocol (ssh)

How to use the secure remote login protocol (SSH) to protect the CentOS server

With the development of the network, remote login to the server has become an indispensable way to manage the server. However, traditional remote login protocols (such as telnet) have security issues, so SSH (Secure Shell) has quickly become the preferred remote login protocol. In this article, we will discuss how to protect your CentOS server using SSH to ensure the security and integrity of your data.

SSH is an encrypted network protocol that allows secure remote login over insecure networks. It uses public key cryptography to verify the identity of the server and encrypts and decrypts data through a combination of public and private keys.

First, we need to ensure that the CentOS server is using the latest version of SSH. You can check the current SSH version through the following command:

ssh -V
Copy after login

If SSH is not installed in your system, you can use the following command to install it:

yum install openssh-server
Copy after login

After the installation is completed, we need to perform SSH Some configurations to improve server security.

First, we need to disable SSH root login. This is because the root user has the highest privileges and is vulnerable to attackers. We can disable root login by editing the SSH configuration file:

vi /etc/ssh/sshd_config
Copy after login
Copy after login

Find the following line and modify it to no:

PermitRootLogin no
Copy after login

Save and close the file. Then, reload the SSH service for the changes to take effect:

systemctl reload sshd
Copy after login

Next, we can set a stronger password policy. We can achieve this by editing the PAM (Pluggable Authentication Modules) configuration file:

vi /etc/pam.d/system-auth
Copy after login

Find the following line and modify it to the following:

password    requisite     pam_pwquality.so try_first_pass retry=3 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=8
Copy after login

This will set the password policy to require that the password contains at least 8 characters, and must have one number, one uppercase letter, one lowercase letter and one special character.

Then, we can configure the security options of SSH. We can do this by editing the SSH configuration file:

vi /etc/ssh/sshd_config
Copy after login
Copy after login

Find the following line and modify it to the following:

PermitEmptyPasswords no
MaxAuthTries 3
AllowUsers username
Copy after login

This will disable empty password logins and limit the number of authentication attempts to 3 times and only allow specified users to log in.

Finally, we can also improve the security of SSH by using public key authentication. First, generate the public and private keys on the client. You can generate it using the following command:

ssh-keygen
Copy after login

Then, add the public key to the server's authorized_keys file:

ssh-copy-id username@server_ip
Copy after login

After entering the server password, the public key will be automatically copied to the server. This allows you to authenticate using your private key without entering a password.

Through the above steps, we have successfully improved the security of the CentOS server. When you log in remotely, using the SSH protocol will ensure the secure transmission of data and the security of the server.

Summary:
This article introduces how to use SSH to protect CentOS servers. We can improve server security by disabling root logins, configuring password policies, setting security options, and using public key authentication. Remote login using the SSH protocol ensures the secure transmission of data and the security of the server. As server managers, we should always pay attention to the security of the server and regularly check and update relevant configurations to ensure the security and stability of the server.

The above is the detailed content of How to secure a CentOS server using Secure Remote Login Protocol (SSH). For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
1 months ago By 尊渡假赌尊渡假赌尊渡假赌
Two Point Museum: All Exhibits And Where To Find Them
1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

How to use an IP blacklist to block malicious IP addresses from accessing your CentOS server How to use an IP blacklist to block malicious IP addresses from accessing your CentOS server Jul 05, 2023 am 11:30 AM

How to use IP blacklists to prevent malicious IP addresses from accessing CentOS servers Servers operating on the Internet often face attacks from malicious IP addresses, and these attacks may cause server performance degradation or even system crashes. In order to protect the security and stability of the server, CentOS server provides a simple and effective way to block access from malicious IP addresses, that is, using an IP blacklist. An IP blacklist is a list of IP addresses that are considered threatening or malicious. When the server receives data from these IP

How to protect data on CentOS servers using secure file system encryption How to protect data on CentOS servers using secure file system encryption Jul 07, 2023 pm 02:22 PM

How to protect data on CentOS servers using secure file system encryption In today’s digital age, data security has become even more important. Especially sensitive data stored on servers, if not properly protected, may be attacked by hackers, leading to serious consequences. In order to ensure data confidentiality and integrity, we can use file system encryption to protect data on the CentOS server. This article will explain how to use secure file system encryption to protect data on CentOS servers and

How to Protect CentOS Servers Using Network Intrusion Detection Systems (NIDS) How to Protect CentOS Servers Using Network Intrusion Detection Systems (NIDS) Jul 05, 2023 pm 02:13 PM

How to Protect CentOS Servers Using Network Intrusion Detection Systems (NIDS) Introduction: In modern network environments, server security is crucial. Attackers use a variety of means to try to break into our servers and steal sensitive data or compromise systems. To ensure server security, we can use a Network Intrusion Detection System (NIDS) for real-time monitoring and detection of potential attacks. This article will introduce how to configure and use NIDS on a CentOS server to protect the server. Step 1: Install and configure SN

How to protect your CentOS server from malware using antivirus software How to protect your CentOS server from malware using antivirus software Jul 05, 2023 pm 09:00 PM

How to Use Antivirus Software to Protect CentOS Servers from Malware In today’s digital age, server security is crucial. The intrusion of malware may lead to the leakage of personal information, system failure and even hacker attacks. To protect CentOS servers from these risks, we can use antivirus software to increase the security of the server. This article will introduce how to use antivirus software to protect CentOS servers, and attach some code examples for reference. Choosing the right antivirus software First, I

How to protect CentOS servers from unauthorized access using an intrusion detection system (IDS) How to protect CentOS servers from unauthorized access using an intrusion detection system (IDS) Jul 05, 2023 am 11:37 AM

How to Protect CentOS Server from Unauthorized Access Using Intrusion Detection System (IDS) Introduction: As a server administrator, protecting the server from unauthorized access is a very important task. The Intrusion Detection System (IDS for short) can help us achieve this goal. This article will introduce how to install and configure Snort, a commonly used IDS tool, on a CentOS server to protect the server from unauthorized access. 1. An

How to secure access to your CentOS server using two-factor authentication How to secure access to your CentOS server using two-factor authentication Jul 08, 2023 am 11:37 AM

How to use two-factor authentication to secure access to CentOS servers Summary: With the increase in network attacks, it is particularly important to secure access to servers. Two-factor authentication is a way to enhance server security. This article will introduce how to use two-factor authentication on CentOS servers to improve access security. Keywords: two-factor authentication, CentOS server, access security, code example 1. What is two-factor authentication? Two-factor authentication refers to the use of two or more different identities.

How to implement data encryption and security protection in uniapp How to implement data encryption and security protection in uniapp Oct 21, 2023 am 09:57 AM

How to implement data encryption and security protection in uniapp Introduction: With the rapid development of mobile Internet, data security issues have become increasingly important. When developing uniapp applications, how to protect user data security and prevent data leakage and tampering has become an urgent problem to be solved. This article will introduce how to implement data encryption and security protection in uniapp, and provide specific code examples. 1. Use HTTPS to protect data transmission HTTPS is a security protocol that encrypts and protects network communications through the SSL/TLS protocol.

How to implement more secure SSH login on CentOS server using key authentication How to implement more secure SSH login on CentOS server using key authentication Jul 05, 2023 pm 06:15 PM

How to use key authentication to implement more secure SSH login on CentOS servers In server management, it is crucial to ensure system security. SSH (SecureShell) is an encrypted network protocol used for remote login to Linux and UNIX servers. To further strengthen the security of the server, we can use key authentication instead of password login. This article will introduce how to implement a more secure SSH login on a CentOS server and provide corresponding code examples. Step 1: Generate

See all articles