13,420
edits
Changes
no edit summary
# The next change you can make is to prevent the root account from logging in to sshd altogether.
# Change to your '''centos1''' VM and open a terminal.
# Edit the file '''/etc/ssh/sshd_config''' and look for the option '''<b><code><span style="color:#3366CC;font-size:1.2em;">PermitRootLogin</span></code></b>. <u>'''. Un-comment the option '''</u> (or add the option if it does not appear) and change the option value to '''<b><code><span style="color:#3366CC;font-size:1.2em;">no"'''</span></code></b>.<br><br>'''NOTE:''' Now any hacking attempt also has to guess an account name as well as the password. If you need to ssh with root access, ssh as a regular user and use '''su -''' to become root.<br><br>
# Even better, it is possible to restrict access to just specific users that require it.
# Edit the file '''/etc/ssh/sshd_config''' and add a new option of '''<b><code><span style="color:#3366CC;font-size:1.2em;">AllowUsers account"</span></code></b> using ''' using your ''' login account for account# In order for these changes to be effective, issue the following command to restart the '''sshd ''' service:<br /><b><code><span style="color:#3366CC;font-size:1.2em;">service systemctl restart sshd restart</span></code></b>
# Try sshing from your '''c7host''' VM to your '''centos1''' VM. Where you successful? Would it work if you let "AllowUsers account" without a username, or a non-existent username? Do not do this for your machine!
# Next change the default port number that sshd uses (TCP:22).
# Edit the '''/etc/ssh/sshd_config''' file again, un-comment the port option and change the '''port number ''' it uses from ''22'' to '''<b><code><span style="color:#3366CC;font-size:1.2em;">2200'''</span></code></b>.
# <u>Restart</u> the service.
# Confirm the new port is being used with the '''netstat''' command.
# We have now possibly mislead a potential "hacker" to the true port for our ssh server's communication channel (port).
# Switch to your '''centos1''' VM.
# Issue the commmand: <b><code><span style="color:#3366CC;font-size:1.2em;">ssh username@centos2centos1</span></code></b>. What happens? What port do you think that command is using by default?
# Now issue the following command to ssh via port "2200": <b><code><span style="color:#3366CC;font-size:1.2em;">ssh -p 2200 username@centos1</span></code></b>. Where you able to connect?
<ol><li value="17">Finally, as a system administrator, you should periodically monitor your system logs for unauthorized login attempts.</li>
