WIKI webhosting

Secure remote login is a crucial aspect of server and network infrastructure management. Secure Shell (SSH) provides a secure mechanism for authentication and data transmission between a client and server. In this article, we'll focus on advanced security measures for SSH on the CentOS 7 operating system, including the use of key-based authentication and disabling root login.

Using Key-Based Authentication

Key-based authentication provides a more secure alternative to traditional password authentication. This process utilizes public and private keys to verify a user's identity without the need to transmit a password over the network.

1. Generating SSH Keys On the client machine, use the ssh-keygen command to generate a new SSH key pair. Specify the location to save the key file and a passphrase for additional protection of the private key.

2. Copying the Public Key to the Server Use the ssh-copy-id user@server command, where user is your user account on the CentOS 7 server and server is the server's address. This command copies your public key to the ~/.ssh/authorized_keys file on the server.

3. Configuring SSH Daemon on the Server Modify the /etc/ssh/sshd_config file on the server to make key-based authentication mandatory. Set PasswordAuthentication no, which disables login using a password.

Disabling Root Login

Logging in directly as the root user via SSH presents significant security risks. To enhance security, it's recommended to disable root login and use sudo for executing privileged operations.

1. Editing SSH Daemon Configuration In the /etc/ssh/sshd_config file, find the PermitRootLogin line and change its value to no. This prevents direct root user login via SSH.

2. Restarting SSH Service After saving the changes in the configuration file, restart the SSH daemon using the systemctl restart sshd command. This applies the new configurations.

Additional Recommended Security Measures

• Changing the Default Port By changing the SSH port (typically 22) to a less common one, you can reduce the number of automated login attempts.

• Restricting Access with Firewall Utilize a firewall to restrict access to the SSH server only from trusted IP addresses.

• Using Fail2Ban Fail2Ban is a tool that monitors logs and automatically blocks IP addresses attempting unauthorized access.

By implementing these advanced security measures, you significantly enhance the security of your CentOS 7 server when using SSH. It's important to recognize that system security is a continuous process requiring ongoing attention and updates in response to newly discovered threats.