How do I configure SSH for secure remote access to CentOS?-CentOS-php.cn

Table of Contents

How do I configure SSH for secure remote access to CentOS?

What are the best practices for securing SSH on a CentOS server?

Can I limit SSH access to specific users on CentOS?

How do I set up key-based authentication for SSH on CentOS?

Home

Operation and Maintenance

CentOS

How do I configure SSH for secure remote access to CentOS?

Johnathan Smith

Mar 14, 2025 pm 03:54 PM

How do I configure SSH for secure remote access to CentOS?

To configure SSH for secure remote access on a CentOS server, follow these steps:

Update Your System: Start by ensuring your CentOS system is up to date. Run the following commands as the root user:

1
2
<code>sudo yum update
sudo yum upgrade</code>
Copy after login
Install OpenSSH: The OpenSSH package is usually installed by default, but if it isn't, you can install it using:

1
<code>sudo yum install openssh-server openssh-clients</code>
Copy after login
Start and Enable SSH Service: Ensure the SSH service is running and set to start at boot:

1
2
<code>sudo systemctl start sshd
sudo systemctl enable sshd</code>
Copy after login
Configure SSH: Edit the SSH configuration file (/etc/ssh/sshd_config) to customize settings. Open it with a text editor:

1
<code>sudo nano /etc/ssh/sshd_config</code>
Copy after login
Copy after login
Copy after login

Key settings to consider include:
- Change the default port (e.g., Port 2222).
- Disable root login (PermitRootLogin no).
- Allow only specific users or groups (AllowUsers user1 user2 or AllowGroups groupname).
Restart SSH Service: After making changes, restart the SSH service to apply them:

1
<code>sudo systemctl restart sshd</code>
Copy after login
Copy after login
Copy after login
Test Connection: From another machine, test the SSH connection using the new settings:

1
<code>ssh -p 2222 user@your_server_ip</code>
Copy after login

By following these steps, you will have SSH configured for secure remote access to your CentOS server.

What are the best practices for securing SSH on a CentOS server?

To enhance the security of SSH on a CentOS server, consider implementing the following best practices:

Use Non-Standard Ports: Change the default SSH port from 22 to a non-standard port (e.g., 2222) to reduce the likelihood of automated attacks.
Disable Root Login: Prevent root from logging in directly via SSH by setting PermitRootLogin no in the SSH configuration file. This forces users to log in with a non-root account and then use sudo for administrative tasks.
Use SSH Keys Instead of Passwords: Enable key-based authentication and disable password authentication by setting PasswordAuthentication no in the SSH configuration file. This significantly reduces the risk of brute-force attacks.
Implement Two-Factor Authentication (2FA): Add an additional layer of security with 2FA. Tools like Google Authenticator or Duo Security can be integrated with SSH.
Limit User Access: Use AllowUsers or AllowGroups in the SSH configuration to restrict which users can access the server via SSH.
Use SSH Protocol 2: Ensure that only SSH Protocol 2 is allowed by setting Protocol 2 in the configuration file, as Protocol 1 has known security vulnerabilities.
Regularly Update and Patch: Keep your SSH server and the CentOS system updated with the latest security patches to protect against known vulnerabilities.
Implement Fail2Ban: This tool can help prevent brute-force attacks by monitoring login attempts and temporarily or permanently banning IP addresses that show malicious behavior.
Use a Firewall: Configure your firewall to only allow SSH connections from trusted IP addresses or networks.

By following these best practices, you can significantly enhance the security of SSH on your CentOS server.

Can I limit SSH access to specific users on CentOS?

Yes, you can limit SSH access to specific users on CentOS by modifying the SSH configuration file. Here's how to do it:

Edit the SSH Configuration File: Open the SSH configuration file in a text editor:

1
<code>sudo nano /etc/ssh/sshd_config</code>
Copy after login
Copy after login
Copy after login
Add AllowUsers Directive: Add the AllowUsers directive followed by the usernames you wish to allow. For example:

1
<code>AllowUsers user1 user2 user3</code>
Copy after login

This will allow only user1, user2, and user3 to access the server via SSH.
Add AllowGroups Directive: Alternatively, you can allow access based on group membership using the AllowGroups directive. First, ensure the users are part of the specified group, then add:

1
<code>AllowGroups ssh_users</code>
Copy after login

This will allow all users in the ssh_users group to access the server via SSH.
Restart SSH Service: After making changes, restart the SSH service to apply them:

1
<code>sudo systemctl restart sshd</code>
Copy after login
Copy after login
Copy after login

By using these directives, you can effectively limit SSH access to specific users or groups on your CentOS server.

How do I set up key-based authentication for SSH on CentOS?

Setting up key-based authentication for SSH on CentOS involves generating SSH keys on the client machine and configuring the server to accept these keys. Here's a step-by-step guide:

Generate SSH Keys on the Client:
- Open a terminal on the client machine.
- Run the following command to generate a new SSH key pair:
  
  1
  <code>ssh-keygen -t rsa -b 4096 -C "your_email@example.com"</code>
  Copy after login
- Press Enter to save the key in the default location (~/.ssh/id_rsa).
Copy the Public Key to the Server:
- Use the ssh-copy-id command to copy the public key to the CentOS server:
  
  1
  <code>ssh-copy-id user@your_server_ip</code>
  Copy after login
- If ssh-copy-id is not available, manually copy the contents of ~/.ssh/id_rsa.pub and append it to the ~/.ssh/authorized_keys file on the server.
Configure SSH on the Server:
- Log in to the CentOS server.
- Open the SSH configuration file:
  
  1
  <code>sudo nano /etc/ssh/sshd_config</code>
  Copy after login
  Copy after login
  Copy after login
- Enable key-based authentication by ensuring the following settings are in place:
  
  1
  2
  <code>PubkeyAuthentication yes
  PasswordAuthentication no</code>
  Copy after login
- If the AuthorizedKeysFile line exists, ensure it's set to:
  
  1
  <code>AuthorizedKeysFile .ssh/authorized_keys</code>
  Copy after login
Restart SSH Service:
- After modifying the configuration file, restart the SSH service to apply the changes:
  
  1
  <code>sudo systemctl restart sshd</code>
  Copy after login
  Copy after login
  Copy after login
Test Key-Based Authentication:
- From the client machine, attempt to log in to the server using the SSH key:
  
  1
  <code>ssh user@your_server_ip</code>
  Copy after login
- If configured correctly, you should be able to log in without entering a password.

By following these steps, you can set up key-based authentication for SSH on your CentOS server, enhancing its security by eliminating the need for password-based logins.

The above is the detailed content of How do I configure SSH for secure remote access to CentOS?. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

What's New in Windows 11 KB5054979 & How to Fix Update Issues

1 months ago By DDD

How to fix KB5055523 fails to install in Windows 11?

3 weeks ago By DDD

How to fix KB5055518 fails to install in Windows 10?

3 weeks ago By DDD

Strength Levels for Every Enemy & Monster in R.E.P.O.

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Blue Prince: How To Get To The Basement

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Java Tutorial

1653

CakePHP Tutorial

1413

Laravel Tutorial

1305

PHP Tutorial

1251

C# Tutorial

1224

Related knowledge

What are the backup methods for GitLab on CentOS Apr 14, 2025 pm 05:33 PM

Backup and Recovery Policy of GitLab under CentOS System In order to ensure data security and recoverability, GitLab on CentOS provides a variety of backup methods. This article will introduce several common backup methods, configuration parameters and recovery processes in detail to help you establish a complete GitLab backup and recovery strategy. 1. Manual backup Use the gitlab-rakegitlab:backup:create command to execute manual backup. This command backs up key information such as GitLab repository, database, users, user groups, keys, and permissions. The default backup file is stored in the /var/opt/gitlab/backups directory. You can modify /etc/gitlab

What are the methods of tuning performance of Zookeeper on CentOS Apr 14, 2025 pm 03:18 PM

Zookeeper performance tuning on CentOS can start from multiple aspects, including hardware configuration, operating system optimization, configuration parameter adjustment, monitoring and maintenance, etc. Here are some specific tuning methods: SSD is recommended for hardware configuration: Since Zookeeper's data is written to disk, it is highly recommended to use SSD to improve I/O performance. Enough memory: Allocate enough memory resources to Zookeeper to avoid frequent disk read and write. Multi-core CPU: Use multi-core CPU to ensure that Zookeeper can process it in parallel.

How to configure Lua script execution time in centos redis Apr 14, 2025 pm 02:12 PM

On CentOS systems, you can limit the execution time of Lua scripts by modifying Redis configuration files or using Redis commands to prevent malicious scripts from consuming too much resources. Method 1: Modify the Redis configuration file and locate the Redis configuration file: The Redis configuration file is usually located in /etc/redis/redis.conf. Edit configuration file: Open the configuration file using a text editor (such as vi or nano): sudovi/etc/redis/redis.conf Set the Lua script execution time limit: Add or modify the following lines in the configuration file to set the maximum execution time of the Lua script (unit: milliseconds)

Centos shutdown command line Apr 14, 2025 pm 09:12 PM

The CentOS shutdown command is shutdown, and the syntax is shutdown [Options] Time [Information]. Options include: -h Stop the system immediately; -P Turn off the power after shutdown; -r restart; -t Waiting time. Times can be specified as immediate (now), minutes ( minutes), or a specific time (hh:mm). Added information can be displayed in system messages.

How to optimize CentOS HDFS configuration Apr 14, 2025 pm 07:15 PM

Improve HDFS performance on CentOS: A comprehensive optimization guide to optimize HDFS (Hadoop distributed file system) on CentOS requires comprehensive consideration of hardware, system configuration and network settings. This article provides a series of optimization strategies to help you improve HDFS performance. 1. Hardware upgrade and selection resource expansion: Increase the CPU, memory and storage capacity of the server as much as possible. High-performance hardware: adopts high-performance network cards and switches to improve network throughput. 2. System configuration fine-tuning kernel parameter adjustment: Modify /etc/sysctl.conf file to optimize kernel parameters such as TCP connection number, file handle number and memory management. For example, adjust TCP connection status and buffer size

Centos configuration IP address Apr 14, 2025 pm 09:06 PM

Steps to configure IP address in CentOS: View the current network configuration: ip addr Edit the network configuration file: sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0 Change IP address: Edit IPADDR= Line changes the subnet mask and gateway (optional): Edit NETMASK= and GATEWAY= Lines Restart the network service: sudo systemctl restart network verification IP address: ip addr

Difference between centos and ubuntu Apr 14, 2025 pm 09:09 PM

The key differences between CentOS and Ubuntu are: origin (CentOS originates from Red Hat, for enterprises; Ubuntu originates from Debian, for individuals), package management (CentOS uses yum, focusing on stability; Ubuntu uses apt, for high update frequency), support cycle (CentOS provides 10 years of support, Ubuntu provides 5 years of LTS support), community support (CentOS focuses on stability, Ubuntu provides a wide range of tutorials and documents), uses (CentOS is biased towards servers, Ubuntu is suitable for servers and desktops), other differences include installation simplicity (CentOS is thin)

CentOS Containerization with Docker: Deploying and Managing Applications Apr 03, 2025 am 12:08 AM

Using Docker to containerize, deploy and manage applications on CentOS can be achieved through the following steps: 1. Install Docker, use the yum command to install and start the Docker service. 2. Manage Docker images and containers, obtain images through DockerHub and customize images using Dockerfile. 3. Use DockerCompose to manage multi-container applications and define services through YAML files. 4. Deploy the application, use the dockerpull and dockerrun commands to pull and run the container from DockerHub. 5. Carry out advanced management and deploy complex applications using Docker networks and volumes. Through these steps, you can make full use of D

See all articles