howto, security

CentOS First Steps

Leave a comment

First security steps when setting up any new internet facing linux server:

  • Create a new user account
    • # adduser username
    • # passwd username
    • # usermod -aG wheel username
  • Send SSH key
    • scp id_rsa.pub username@hostname:/home/username/id_rsa.pub
    • $ mkdir ~/.ssh
    • $ cat id_rsa.pub >> ~/.ssh/authorized_keys
    • $ chmod 700 ~/.ssh
    • $ chmod 600 ~/.ssh/authorized_keys
  • Ensure SSH key authentication works
    • Disconnect and then reconnect, you should get prompted for your private key password not your server password (you did provide a password for your private key, right?!)
    • Do not disable “PasswordAuthentication” option below unless you are positive you are authentication SSH via keys – you will be locked out of your server and no longer able to SSH in.
  • Disable Root SSH, Set Protocol 2 and Password SSH
    • $ sudo yum install -y nano
    • $ sudo nano /etc/ssh/sshd_config
      • PermitRootLogin no
      • Protocol 2
      • PasswordAuthentication no
    • $ sudo service sshd restart
    • Ensure you can still SSH back into the box using your key only.
  • Update packages
    • $ sudo yum upgrade
  • Reboot
    • $ sudo reboot

Leave a Reply