From a security perspective, a Linux VPS should be hardened before it is put to use. Some of these rules also apply to any Linux server. This post is based on CentOS 7.
- 1.1 Disable root ssh login
Disable root login over SSH. You must create a normal user before doing that.
- 1.2 Modify default ssh port
# from 0 ~ 65535
Port xxx
But don't use any port in the range 0 to 1024; most of them are well-known ports for other important services, such as HTTP on port 80.
- 1.3 Enable two-factor authentication
Using RSA public keys instead:
# generate an RSA key pair on the local machine
ssh-keygen -t rsa
# copy public key to remote server
ssh-copy-id -i ~/.ssh/id_rsa.pub <Your Username for remote server>@<Your IP or Hostname> -p <Your SSH port>
Enable two factor authentication:
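Add the SSH port to the firewall whitelist.
# Install semanage first, for SELinux policy management
# (yum provides only reports the owning package; on CentOS 7 it is policycoreutils-python)
yum provides /usr/sbin/semanage
yum install -y policycoreutils-python
# Tell SELinux the new port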
semanage port -a -t ssh_port_t -p tcp <PORT_NUM>
# Add the port to the firewall whitelist (permanent and runtime)
firewall-cmd --permanent --zone=public --add-port=<PORT_NUM>/tcp
firewall-cmd --add-port=<PORT_NUM>/tcp
# Reload firewall
firewall-cmd --reload
# Restart service and check the result
systemctl restart sshd.service
semanage port -l | grep ssh
ss -tnlp | grep ssh
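To confirm that an sshd_config actually reflects sections 1.1 to 1.3, the following added example (not part of the original post) audits the global section of a config file. The function names, the constructed sample file, and the reading of 1.3 as `PasswordAuthentication no` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): static audit of the global
# section of an sshd_config against sections 1.1-1.3.
# Print every value given for a keyword before the first "Match" block.
# Keywords are case-insensitive; "Key value" and "Key=value" are both accepted.
sshd_values() {  # usage: sshd_values <file> <keyword>
    awk -v key="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# Print one line per finding; return 1 if anything was found, else 0.
audit_sshd_config() {  # usage: audit_sshd_config <file>
    f=$1 rc=0
    # 1.1: sshd uses the first occurrence of a keyword, so check only that one.
    root=$(sshd_values "$f" PermitRootLogin | head -n 1)
    [ "$root" = no ] || { echo "1.1 PermitRootLogin is '${root:-unset}', want 'no'"; rc=1; }
    # 1.2: several Port lines may be present; with none, sshd listens on 22.
    ports=$(sshd_values "$f" Port)
    for p in ${ports:-22}; do
        case $p in
            ''|*[!0-9]*) echo "1.2 Port '$p' is not a number"; rc=1 ;;
            *) [ "$p" -gt 1024 ] && [ "$p" -le 65535 ] ||
                   { echo "1.2 Port $p is outside 1025-65535"; rc=1; } ;;
        esac
    done
    # 1.3 (this example's reading of "keys instead"): key login must not be
    # switched off, and password login should be.
    [ "$(sshd_values "$f" PubkeyAuthentication | head -n 1)" != no ] ||
        { echo "1.3 PubkeyAuthentication is 'no'"; rc=1; }
    [ "$(sshd_values "$f" PasswordAuthentication | head -n 1)" = no ] ||
        { echo "1.3 PasswordAuthentication is not 'no'"; rc=1; }
    return $rc
}

# Constructed sample: the first PermitRootLogin wins, the port is low, and
# the only password setting sits inside a Match block (not global).
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 222
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "hardening incomplete"
rm -f "$sample"
```

This is a static check of one file only; on a live server, `sshd -T` prints the effective configuration that the daemon would use.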
- Generate a strong random password:
openssl rand -base64 10
- Disable ping