I'm interested in the steps you make when you need to set up a new Linux (preferably CentOS) server, putting a emphasis on security, like changing SSH port, limiting root SSH access, etc.
Asked
Active
Viewed 148 times
2
-
http://serverfault.com/questions/247402/locking-down-a-box-on-the-internet/247419#247419 – Zoredache Nov 14 '11 at 18:34
-
This question is far too broad, even for general best-practices. The link Zoredache posted is a good start. – sysadmin1138 Nov 14 '11 at 18:42
1 Answers
0
I usually don't change SSH port, because it complicates setups (now I should remember which port I use on which server and I have 20+ of them) and confuses me and my customers. I use DenyHosts instead, it is available from an EPEL repo. It's also good to disable password-based authentication in favor of key-based in sshd_config (PasswordAuthentication no and PubkeyAuthentication yes), at least for the root account (PermitRootLogin without-password). Of course empty passwords should be disabled, but I think it's a default setting nowadays (PermitEmptyPasswords no).
Alex
- 7,939
- 6
- 38
- 52