How to secure OpenSSH on CentOS 7.4


OpenSSH implements SSH (Secure Shell), a standard for remote access that replaces the telnet protocol. SSH has made protocols such as telnet redundant, mostly because the connection is encrypted and passwords are no longer sent in plain text for all to see. However, a default installation of SSH isn't perfect, and when running an SSH server there are a few simple steps that can dramatically harden an installation. This tutorial guides you through a method to secure OpenSSH on CentOS 7.4.


Securing OpenSSH

First, disable root login so that the root user can't log in to the server directly. Set the following directive in /etc/ssh/sshd_config, then restart sshd.

[root@linuxhelp1 ~]# vim /etc/ssh/sshd_config
PermitRootLogin no
[root@linuxhelp1 ~]# systemctl restart sshd.service

 

Next, limit which users may log in by adding an AllowUsers directive to the same file, then restart sshd again.

[root@linuxhelp1 ~]# vim /etc/ssh/sshd_config
AllowUsers user1
[root@linuxhelp1 ~]# systemctl restart sshd.service

 

You can also move SSH off the default port 22 by setting the Port directive in the same file.

[root@linuxhelp1 ~]# vim /etc/ssh/sshd_config
Port 3456

 

Then allow the new port through the firewall and reload it by using the following commands.

[root@linuxhelp1 ~]# firewall-cmd --add-port=3456/tcp
[root@linuxhelp1 ~]# firewall-cmd --add-port=3456/tcp --permanent
[root@linuxhelp1 ~]# firewall-cmd --reload

 

Now add the SELinux policy that labels the new port as an SSH port, using the following command.

[root@linuxhelp1 ~]# semanage port -a -t ssh_port_t -p tcp 3456

 

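Also, filter the default port 22 in the firewall. The first rule records the source address of each new connection to port 22; the second rejects new connections with a TCP reset once the same source reaches 4 new connections within 30 seconds.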

[root@linuxhelp1 ~]# firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp --dport 22 -m state --state NEW -m recent --set
[root@linuxhelp1 ~]# firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset

 

Finally, reload the firewall with the following command.

[root@linuxhelp1 ~]# firewall-cmd --reload
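
One way to confirm that the three sshd_config changes above are actually in effect, as an added example that is not part of the original tutorial. The function names global_values and audit_sshd_config and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): audit the sshd_config settings it changes.
# sshd keeps the FIRST value it reads for a keyword such as PermitRootLogin,
# keywords are case-insensitive, and lines below a "Match" line are conditional.

# global_values FILE KEYWORD -> every value of KEYWORD above the first Match line
global_values() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim the line
        $0 == "" || /^#/ { next }                      # skip blanks and comments
        { n = match($0, /[ \t=]+/)                     # "Key value", also tolerate "Key=value"
          key = tolower(n ? substr($0, 1, n - 1) : $0) }
        key == "match" { exit }                        # global section ends here
        key == want && n { print substr($0, n + RLENGTH) }' "$1"
}

# audit_sshd_config FILE -> one PASS/FAIL line per check; returns the FAIL count
audit_sshd_config() {
    fails=0
    v=$(global_values "$1" PermitRootLogin | head -n 1)
    if [ "$v" = "no" ]; then echo "PASS PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${v:-unset}', expected 'no'"; fails=$((fails + 1)); fi

    v=$(global_values "$1" AllowUsers | tr '\n' ' ')
    if [ -n "$v" ]; then echo "PASS AllowUsers $v"
    else echo "FAIL no global AllowUsers line"; fails=$((fails + 1)); fi

    v=$(global_values "$1" Port | tr '\n' ' ')
    case " $v" in
        " ")      echo "FAIL no Port line, sshd stays on 22"; fails=$((fails + 1)) ;;
        *" 22 "*) echo "FAIL Port 22 is still listed";        fails=$((fails + 1)) ;;
        *)        echo "PASS Port $v" ;;
    esac
    return "$fails"
}

# Constructed sample (not from a real host): new lines appended below old ones.
demo=$(mktemp)
cat > "$demo" <<'EOF'
PermitRootLogin yes
#Port 3456
PermitRootLogin no
Match User backup
    AllowUsers user1
EOF
# Pass a path (e.g. /etc/ssh/sshd_config) to audit a real file instead.
audit_sshd_config "${1:-$demo}" || echo "$? check(s) failed"
rm -f "$demo"
```

On the constructed sample all three checks fail: the earlier PermitRootLogin yes wins, the Port line is commented out, and AllowUsers sits inside a Match block.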

This concludes the method to secure OpenSSH on CentOS 7.4.


Author: Matthew