=== Investigation 7: How do you make sshd more secure ===
{{Admon/note | Note! | Complete this investigation on your centos2 and centos1 VMs.}}
{{Admon/note | | Anytime you configure your computer to allow logins from the network, you are leaving yourself vulnerable to potential unauthorized access by so-called "hackers". Running the sshd service is a fairly common practice, but care must be taken to make things more difficult for those hackers who attempt to use "brute force" attacks to gain access to your system. Hackers use their knowledge of your system and many password guesses to gain access. They know which port is likely open to attack (TCP:22) and the administrative account name (root); all they need to do is "guess" the password.}}
# Confirm the new port is being used with a <code>netstat</code> command.
# Before we can use this new port we must change our firewall to allow traffic through the new port number and block access to port 22:<br /><code>iptables -I INPUT -p tcp -s0/0 --dport 22 -j DROP</code><br /><code>iptables -I INPUT -p tcp -s0/0 --dport 2200 -j ACCEPT</code>
# To test the new port, connect to centos1 from centos2 using the following command:<br /><code>ssh -p 2200 user@centos1</code>
{{Admon/important|Cannot connect via SSH?|To fix issues with the ability to ssh, on both machines:<ul><li>Ensure ssh is running: <code>systemctl status sshd.service</code></li><li>Disable SELinux by editing <code>/etc/selinux/config</code> and changing "enforcing" to "disabled" and "targeted" to "minimum".</li><li>If you are still encountering problems, flush iptables.</li></ul>}}
{{Admon/tip | Tip! | For scp access the option to be used is: <code>scp -P 2200</code>}}
{{Admon/tip | Tip! | For more ideas on making sshd more secure consult the HOW-TO link above.}}
<ol><li value="14">Finally, as a system administrator you should periodically monitor your system logs for unauthorized login attempts.</li>
<li>On CentOS systems the log file that is used is <code>/var/log/secure</code> </li>
<li>It also logs all uses of the <code>su</code> and <code>sudo</code> commands.</li>
<li>Attempt to connect to all of your VMs as root and other users using both public key and password authentication. Use some <code>su</code> and <code>sudo</code> commands also. </li></ol>
'''Answer the Investigation 7 observations / questions in your lab log book.'''
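One way to carry out the periodic log review described in the steps above, as an added example that is not part of the original lab. The function names are hypothetical, and the sample log lines and addresses are constructed to follow the usual <code>/var/log/secure</code> layout.

```bash
#!/bin/bash
# Added example: summarise a /var/log/secure-style file.

write_sample_log() {   # constructed sample entries, not real log data
    cat > "$1" <<'EOF'
Mar  3 10:15:01 centos1 sshd[2301]: Failed password for root from 192.168.235.12 port 51514 ssh2
Mar  3 10:15:03 centos1 sshd[2301]: Failed password for root from 192.168.235.12 port 51514 ssh2
Mar  3 10:15:06 centos1 sshd[2301]: Failed password for root from 192.168.235.12 port 51514 ssh2
Mar  3 10:15:09 centos1 sshd[2305]: Failed password for invalid user admin from 192.168.235.12 port 51518 ssh2
Mar  3 10:16:12 centos1 sshd[2310]: Failed password for user from 192.168.235.20 port 40022 ssh2
Mar  3 10:16:40 centos1 sshd[2312]: Accepted publickey for user from 192.168.235.20 port 40030 ssh2: RSA SHA256:CONSTRUCTED
Mar  3 10:17:02 centos1 sudo:    user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/bin/systemctl status sshd.service
Mar  3 10:17:30 centos1 su: pam_unix(su:session): session opened for user root by user(uid=1000)
EOF
}

# Print "count source_ip user" for each failed password attempt, busiest first.
failed_ssh_summary() {
    awk '/ sshd\[[0-9]+\]: Failed password for / {
             # Fields are read from the end of the line ("... USER from IP port N ssh2"),
             # so an odd user name cannot shift the address column.
             count[$(NF-3) " " $(NF-5)]++
         }
         END { for (k in count) print count[k], k }' "$1" | sort -k1,1nr -k2
}

# Print "source_ip total" for sources with at least $2 failed attempts.
brute_force_sources() {
    failed_ssh_summary "$1" |
        awk -v min="$2" '{ n[$2] += $1 } END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }' |
        sort
}

# Count log lines written by su or sudo.
privilege_events() {
    grep -cE ' (su|sudo)(\[[0-9]+\])?: ' "$1"
}

sample=$(mktemp)
write_sample_log "$sample"
failed_ssh_summary "$sample"        # per source and user
brute_force_sources "$sample" 3     # sources with 3 or more failures
privilege_events "$sample"          # number of su/sudo entries
rm -f "$sample"
```

To review a real system, pass <code>/var/log/secure</code> to the functions as root instead of the sample file.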
== Completing the lab ==