OPS235 Lab 7 - Fedora17

1,448 bytes added, 16:29, 17 March 2010
{{Admon/tip | Tip! | Making your root password (and the passwords of all other accounts!) both complex and easy to remember is not hard. Passwords should be a minimum of 8 characters long, preferably longer, and contain upper- and lower-case letters, numbers, and special characters. A good example of a strong password is "LotR3--RotK." It is not hard to remember because it corresponds to a book title: "Lord of the Rings 3 Return of the King." The password "P@ssw0rd!" is not as good because it is obvious and common.}}
 
* Think of a good quality password and change the root password on all 3 VMs to be more secure. (It would be a good idea to do this for non-root accounts also.)
* The next change you can make is to prevent the root account from logging in through sshd altogether.
* Edit the file <code>/etc/ssh/sshd_config</code> and look for the option <code>PermitRootLogin</code>. Uncomment the option and change its value to <code>no</code>.
* Even better, it is possible to restrict access to just the specific users that require it.
* Edit the file <code>/etc/ssh/sshd_config</code> and add a new option <code>AllowUsers account</code>, replacing <code>account</code> with your own login account name.
* In order for these changes to take effect, restart the sshd service.
** <code>service sshd restart</code>
* Now any break-in attempt also has to guess an account name as well as the password. If you need to ssh with root access, ssh as a regular user and use <code>su -</code> to become root.
* Next, change the default port number that sshd listens on (TCP port 22).
* Edit the sshd configuration file again and change the <code>Port</code> option to 2200.
* Restart the service.
* Confirm the new port is being used with a <code>netstat</code> command.
* Before we can use this new port we must change our firewall to allow traffic through the new port number and block access to port 22.
** <code>iptables -I INPUT -p tcp -s 0/0 --dport 22 -j DROP</code>
** <code>iptables -I INPUT -p tcp -s 0/0 --dport 2200 -j ACCEPT</code>
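The steps above (disable root login, restrict logins to one account, move sshd to port 2200, then restart and verify) as one shell script. This is an added example, not part of the original lab page: it applies the edits to a constructed sample copy of <code>sshd_config</code> in a temporary file rather than to <code>/etc/ssh/sshd_config</code>, so it can be run safely without root. The account name <code>ops235</code> and the sample file contents are placeholders I made up; the <code>set_option</code> and <code>get_option</code> helpers are my own, not part of OpenSSH.

```shell
#!/bin/sh
# Added example for the OPS235 sshd hardening steps. Works on a copy of the
# configuration so nothing on the real system is changed.

# Constructed sample of the relevant lines from a stock sshd_config.
make_sample_config() {
    cat > "$1" <<'EOF'
#Port 22
#AddressFamily any
#PermitRootLogin yes
#PasswordAuthentication yes
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
}

# set_option FILE KEY VALUE
# Replaces the first "KEY value" line (commented out or not) with "KEY VALUE";
# appends the line when the key is not present at all. Because sshd uses the
# first occurrence of a keyword, leaving a second copy would be a mistake.
set_option() {
    file=$1; key=$2; value=$3
    tmp="$file.tmp"
    awk -v k="$key" -v v="$value" '
        BEGIN { done = 0 }
        {
            line = $0
            sub(/^[#[:space:]]+/, "", line)       # drop leading "#" and blanks
            split(line, f, /[[:space:]]+/)
            if (f[1] == k && !done) { print k " " v; done = 1; next }
            print
        }
        END { if (!done) print k " " v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_option FILE KEY: prints the value of the first active (uncommented) KEY.
get_option() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# harden_sshd_config FILE USER PORT: the three changes from the lab.
harden_sshd_config() {
    file=$1; user=$2; port=$3
    set_option "$file" PermitRootLogin no      # root may no longer log in via ssh
    set_option "$file" AllowUsers "$user"      # only this account may log in
    set_option "$file" Port "$port"            # listen on the new port
}

# Demonstration on the constructed sample (never touches /etc/ssh).
demo_file=$(mktemp)
make_sample_config "$demo_file"
harden_sshd_config "$demo_file" ops235 2200
cat "$demo_file"
rm -f "$demo_file"
```

To apply this on a VM, run <code>harden_sshd_config /etc/ssh/sshd_config youraccount 2200</code> as root (keep a backup of the file first), then <code>service sshd restart</code>, check that sshd is listening on 2200 with <code>netstat -tln</code>, and only then add the two <code>iptables</code> rules from the list above. Keep your existing ssh session open while testing so a mistake in the file does not lock you out.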