This is part three of the three part tutorial on securing your CentOS server.
1. Bruteforce and DoS Attack Prevention
2. IP Tables Firewall
3. SSH Hardening
In this tutorial, we will harden our SSH.
First we will have to edit the ssh config
1. sudo vim /etc/ssh/sshd_config
From here we will edit the SSH port. Default, the port is 22 so we are going to change it to a random port between 49152–65535.
1. Port 61111
This will help prevent bruteforce attacks also!
Now we are going to disable our old root account and create a new one.
1. sudo vim /etc/ssh/sshd_config
And edit the line "PermitRootLogin" to "no"
Now we are going to create the new admin user.
1. sudo adduser HardDriveHotel
2. sudo passwd HardDriveHotel
If we want, we can allow only our new user to use SSH.
1. sudo vim /etc/ssh/sshd_config
Add the following line
2. AllowUsers HardDriveHotel
Now update your IPTables to allow your specified port to work.
1. iptables -t filter -A INPUT -p tcp --dport 61111 -j ACCEPT
2. iptables -t filter -A OUTPUT -p tcp --dport 61111 -j ACCEPT
Now we must restart our SSH service
1. sudo /etc/rc.d/init.d/sshd restart
To test that our account is working use the following command
1. ssh -p 61111 HardDriveHotel@YOURSERVERIPHERE
