CentOS 8 SSH Server Hardening & Create Users
First of all i have to say i am studies Linux for 2 days and this is first topic i learned , I might have something wrong about this , and purpose of this content is reminder about something i learned.
Topics
- Create new users for ssh
- Test new users for ssh
- Hardening
After installed CentOS 8 and got root password then login and add new users for SSH (In this case is ssh-t3st ) by this command.
useradd ssh-t3st
Then settings password for ssh-t3st by this command and input password do you want to set.
passwd ssh-t3st
Then test login by user we create through SSH
Now you can remote to server by used ssh , lets hardening ssh by block root login through ssh and change ssh service port for decrease chance to got attack by Bot or Attacker
We will hardening by modify ssh configuration file (/etc/ssh/sshd.config) * you can use :set number
for view line number
Then edit line 17 by type i
for insert text delete #
for and change #port 22
to port 2222
in this case i use port 2222 for new ssh service port
Then edit line 46 PermitRootLogin yes
to PermitRootLogin no
for not permit use root user to login
Then save change of this file by :wq
( :wq
is mean write and quit ) , then restart sshd service systemctl restart sshd
In this case we have problem to restart sshd service , if you have SE-Linux on server like this (I create cloud server service for test) you have to add permission in SE-Linux for this by use this command
semanage port -a -t ssh_port_t -p tcp 2222
it mean [SE-Linux( semanage
) manageport ( port
) add( -a
) service type ( -t
) ssh_port_t (name of service) protocol ( -p
) tcp 2222(port number)
Now you can restart sshd service
Now lets test it should can’t login by root user and have to use port 2222 to login only
Done !
Hope you guys got something from this content and sorry if i mistaking something feel free to advise me
Thanks you.