How to secure a CentOS server using encrypted remote login protocol (SSH)

How to protect CentOS server using encrypted remote login protocol (SSH)

Introduction:
In today's digital age, server security is very critical. To protect the server, we need to take various security measures, one of which is using an encrypted remote login protocol. SSH (Secure Shell) is a commonly used encrypted remote login protocol, which can effectively protect the server from unauthorized access. This article will introduce how to use SSH to protect a CentOS server and provide corresponding code examples.

Step 1: Install OpenSSH server
Before using SSH on the CentOS server, we first need to install the OpenSSH server. The following is a sample code for installing the OpenSSH server:

sudo yum install openssh-server

Step 2: Configure the SSH server
Once the OpenSSH server is installed, we need to perform some configurations to ensure server security. It mainly includes the following configurations:

1. Disable direct login by root user: By disabling direct login by root user, potential attack risks can be effectively reduced. We can disable root user login by editing the SSH configuration file /etc/ssh/sshd_config:

sudo vi /etc/ssh/sshd_config

Find the following line and modify it:

#PermitRootLogin yes

Modify to:

PermitRootLogin no

Save and close the file.

2. Use public key authentication to log in: Using public key authentication to log in can greatly increase the security of the server. Here are the steps on how to set up public key authentication login:

First, we need to generate a pair of public and private keys. In this example, we will generate a new pair of RSA keys:

ssh-keygen -t rsa -b 4096

Then, add the public key to the server's ~/.ssh/authorized_keys file to implement the public key Authentication:

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Finally, modify the file permissions to ensure that the private key cannot be read from the outside:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Save and exit.

Step Three: Restart the SSH Service
After completing the configuration, we need to restart the SSH Service for the changes to take effect:

sudo systemctl restart sshd

Step Four: Test the SSH Connection
Now, we can Use an SSH client to connect to the CentOS server and test. Here is sample code on how to connect using SSH:

ssh [用户名]@[服务器IP地址]

Example:

ssh [email protected]

If everything goes well, you will be prompted for your password and successfully log in to the server.

Conclusion:
Using an encrypted remote login protocol (SSH) is one of the important steps to protect your CentOS server. By disabling direct login by the root user and logging in using public key authentication, we can effectively improve the security of the server. This article provides steps and sample code for installing and configuring an OpenSSH server. We hope it will be helpful to you in protecting your server. Remember, server security is an ongoing process, and we should pay close attention to the latest security standards and best practices, and promptly update and strengthen server security.

The above is the detailed content of How to secure a CentOS server using encrypted remote login protocol (SSH). For more information, please follow other related articles on the PHP Chinese website!