13,420
edits
Changes
no edit summary
# The next change you can make is to prevent the root account from logging in to sshd altogether.
# Change to your '''centos2''' VM and open a terminal.
# Edit the file '''/etc/ssh/sshd_config''' and look for the option '''PermitRootLogin'''. Un-comment the option (or add the option if it does not appear) and change the option value to '''"no"'''.<<br><br>'''NOTE:''' Now any hacking attempt also has to guess an account name as well as the password. If you need to ssh with root access, ssh as a regular user and use '''su -''' to become root.<br><br>
# Even better, it is possible to restrict access to just specific users that require it.
# Edit the file '''/etc/ssh/sshd_config''' and add a new option of '''"AllowUsers account"''' using your login account for account
# In order for these changes to be effective, issue the following command to restart the sshd service:<br /><b><code><span style="color:#3366CC;font-size:1.2em;">service sshd restart</span></code></b>
# Try sshing from your '''centos1''' VM to your '''centos2''' VM. Where you successful? Would it work if you let "AllowUsers account" without a username, or a non-existent username?Do not do this for your machine!
# Next change the default port number that sshd uses (TCP:22).
# Edit the '''/etc/ssh/sshd_config''' file again, un-comment the port option and change the port number it uses from ''22'' to '''2200'''.
# Before we can use this new port we must change our firewall to allow traffic through the new port number and block access to port 22 by issuing the command:<br /><b><code><span style="color:#3366CC;font-size:1.2em;">iptables -I INPUT -p tcp -s0/0 --dport 2200 -j ACCEPT</span></code></b>
# Next, we will drop any incoming traffic to port 22 by issuing the command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">iptables -I INPUT -p tcp -s0/0 --dport 22 -j DROP</span></code></b>
# We have now possibly mislead a potential "hacker" to the true port for our ssh server's communication channel (port). To test the new port connect # Switch to your '''centos1''' from '''VM.# Issue the commmand: <b><code><span style="color:#3366CC;font-size:1.2em;">ssh username@centos2''' </span></code></b>. What happens? What port do you think that command is using by default?# Now issue the following commandto ssh via port "2200":<br /><b><code><span style="color:#3366CC;font-size:1.2em;">ssh -p 2200 userusername@centos1centos2</span></code></b>. Where you able to connect?
{|width="40%" align="right"