How to secure SSH in Centos

When you first begin to approach your newly installed server, there are a few early steps you should take to make it more secure from hackers. The first tasks can include setting up a new user, providing them with the proper privileges, and configuring SSH.

Step One — Login via Root 

Step Two — Change Your Password For Root

CentOS is very cautious about the passwords it allows. After you type your password, you may see a BAD PASSWORD notice. You can either set a more complex password or ignore the message .

Step Three — Creating a New User For Root privileges

First, create your user; you can choose any name for your user.

[code]adduser username[/code]

For example here I’ve suggested secure as a user .

Second, create a new user password :

[code]passwd secure[/code]

Step Four — Assigning Root Privileges

As of yet, only root has all of the administrative capabilities. We are going to give the new user the root privileges.

Let’s go ahead and edit the sudo configuration. This can be done through the default editor, which in CentOS is called ‘vi’

[code]/usr/sbin/visudo[/code]

Find the section called user privilege specification and add the similar line below it .

To began typing in vi, press “a”.

[code]secure    ALL=(ALL)       ALL[/code]

Then to save and exit press escape , then press “:w” to write the file and to quit press “:q” .

Step Five — Configuring SSH To Disable Root Login

Open the configuration file

[code]sudo vi /etc/ssh/sshd_config[/code]

It will then look something like this :

Find the following sections and change the information where applicable:

Port 750 ( <– you can change it to any port , it will disable 22 as default port for accessing ssh)
Protocol 2
PermitRootLogin no ( <– This will disable direct root login )

It will then look something like this :-

Once the above is done , just add the below line to the bottom of the document, replacing secure with your username:

[code]AllowUsers secure[/code]

Save and Exit

Step Six — Reload and Done!

Reload SSH, and it will implement the new ports and settings.

[code]service sshd restart[/code]

Finally you can login to your SSH using the user secure with port 750 .

I hope this will help and few users to secure the SSH from unauthorized people .