How to secure a server
After accessing your brand new server it is highly recommended to change a few things to increase security.
Firstly, change the root password
# passwd root
Secondly, we do not want to use root directly, so create a new user:
# adduser user
Add the user to the sudo group, allowing them to execute commands with root privileges
# usermod -aG sudo user
On CentOS, add the user to the wheel group
# usermod -aG wheel user
On your local machine, create an SSH key (if you do not have one)
$ ssh-keygen -t rsa -b 4096 -C "[email protected]"
It should have created a new key pair in ~/.ssh
Copy the PUBLIC key to your server
$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
Then you can log in using it (now use the private key)
$ ssh -i ~/.ssh/id_rsa [email protected]
To increase security, create sshgroup and add the user to it
$ sudo groupadd sshgroup
$ sudo gpasswd -a user sshgroup
Then allow only users who belong to this group to log in via ssh. Edit the file /etc/ssh/sshd_config and set
AllowGroups sshgroup
Add some more options
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
UsePAM no
Then restart the sshd service and you should be ready to go
$ sudo systemctl restart sshd
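As a check to run before the restart, the following added example (not part of the original guide) audits a config file for the five settings above, honouring sshd's rule that for most keywords the first value read wins. The function names and the sample file are hypothetical; it assumes whitespace-separated keyword/value lines and does not follow Include files.

```shell
#!/bin/sh
# Added example: check the global section of an sshd_config-style file
# against the settings from this guide. For most keywords sshd uses the
# FIRST value it reads (keywords are case-insensitive), so a stray earlier
# "PasswordAuthentication yes" beats the "no" appended further down.
# Assumptions: whitespace-separated "Keyword value" lines; Include files
# are not followed; lines from the first Match block on are ignored; only
# the first AllowGroups line is compared.

# effective_value FILE KEYWORD -> prints the first global value, or nothing
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }              # conditional blocks start here
        key == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE -> one line per setting; exit status = number of failures
audit_sshd() {
    file=$1; fails=0
    while read -r key expected; do
        actual=$(effective_value "$file" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key $actual"
        else
            echo "FAIL  $key: want '$expected', got '${actual:-<unset>}'"
            fails=$((fails + 1))
        fi
    done <<EOF
AllowGroups sshgroup
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
UsePAM no
EOF
    return "$fails"
}

# Constructed sample: a distro default left "yes" above the appended block.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'passwordauthentication yes' \
    'AllowGroups sshgroup' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'PermitEmptyPasswords no' 'UsePAM no' \
    'Match User backup' '    PermitRootLogin yes' > "$sample"
audit_sshd "$sample" || echo "$? setting(s) not effective"
rm -f "$sample"
```

On the server itself, `sudo sshd -t` validates the file's syntax and `sudo sshd -T` prints the effective configuration with Include files resolved. Keep the current session open until a second login with the key succeeds.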
What has been done:
- changed root password
- disabled root login
- created new user with sudo privileges
- allowed only users from sshgroup to log in via ssh
- not allowed to log in via ssh using password