# In order for these changes to take affect, you need to restart the sshd daemon. Issue the following command to restart the '''sshd''' service:<br /><b><code><span style="color:#3366CC;font-size:1.2em;">systemctl restart sshd</span></code></b>
# Try SSHing from your '''c7host''' VM to your '''centos1''' VM as '''root'''. Where you successful? Now try SSHing from your c7host VM to your centos1 VM as a regular user that was permitted to connect via ssh. Did it work? What would happen for other user accounts that were not permitted?
# Next, let us "fool" potential penetration testers by changing the default port number that sshd uses from port 22 to port 2200.
# Edit the '''/etc/ssh/sshd_config''' file again, un-comment the port option and change the '''port number''' it uses from ''22'' to <b><code><span style="color:#3366CC;font-size:1.2em;">2200</span></code></b>.
# <u>Restart</u> the '''ssh''' service.
# Confirm the new port is being used with the '''netstat''' command.
# Switch to your '''centos1''' VM.
# Issue the commmand: <b><code><span style="color:#3366CC;font-size:1.2em;">ssh username@centos1</span></code></b>. What happens? What port do you think that command is using by default?
# Now issue the following command to ssh via port "2200": <b><code><span style="color:#3366CC;font-size:1.2em;">ssh -p 2200 username@centos1</span></code></b>. Where you able to connect?
<ol><li value="17">Finally, as a system administrator, you should periodically monitor your system logs for unauthorized login attempts.</li>
<li>On CentOS systems the log file that is used is '''/var/log/secure''' </li>
# Verify that the file '''/etc/sysconfig/iptables''' exists.
# Restart your iptables service and test your configuration.
# Before we can use this new port we must change our firewall to allow traffic through the new port number and block access to port 22 by issuing the command:<br /><b><code><span style="color:#3366CC;font-size:1.2em;">iptables -I INPUT -p tcp -s0/0 --dport 2200 -j ACCEPT</span></code></b>
# Next, we will drop any incoming traffic to port 22 by issuing the command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">iptables -I INPUT -p tcp -s0/0 --dport 22 -j DROP</span></code></b>
# We have now possibly mislead a potential "hacker" to the true port for our ssh server's communication channel (port).