Open main menu

CDOT Wiki β

Changes

OPS235 Lab 7 - CentOS7

26 bytes added, 12:15, 7 July 2015
no edit summary
# The next change you can make is to prevent the root account from logging in to sshd altogether.
# Change to your '''centos2''' VM and open a terminal.
# Edit the file '''/etc/ssh/sshd_config''' and look for the option '''PermitRootLogin'''. Un-comment the option (or add the option if it does not appear) and change the option value to '''"no"'''.<<br><br>'''NOTE:''' Now any hacking attempt also has to guess an account name as well as the password. If you need to ssh with root access, ssh as a regular user and use '''su -''' to become root.<br><br>
# Even better, it is possible to restrict access to just specific users that require it.
# Edit the file '''/etc/ssh/sshd_config''' and add a new option of '''"AllowUsers account"''' using your login account for account
# In order for these changes to be effective, issue the following command to restart the sshd service:<br /><b><code><span style="color:#3366CC;font-size:1.2em;">service sshd restart</span></code></b>
# Try sshing from your '''centos1''' VM to your '''centos2''' VM. Where you successful? Would it work if you let "AllowUsers account" without a username, or a non-existent username?
# Now any hacking attempt also has to guess an account name as well as the password. If you need to ssh with root access, ssh as a regular user and use '''su -''' to become root.
# Next change the default port number that sshd uses (TCP:22).
# Edit the sshd configuration file again and change the port number it uses to 2200.
13,420
edits