After you have set up your server (see: How to Setup Virtualmin on CentOS 5), SSH is one of the first things you need to secure, and make sure it is done well, as you will receive many attacks on this part of your system. This short guide shows how to do this easily on a Virtualmin system.

** I have also gone a step further and set up two-factor authentication on SSH – this is as secure as you will get without getting crazy – you can find the guide here: How To: CentOS Two-factor SSH and Virtualmin Authentication via Google-Authenticator

It contains these easy steps:

1. Create a new user

(See: How to: CentOS Virtualmin create new user )

2. SSH config change

Navigate to your site's Virtualmin Control Panel:

https://server1.example.com:10000

or

https://x.x.x.x:10000   ##  where x.x.x.x is your server IP

 

Then click on the WEBMIN link on the TOP LEFT:

  Virtualmin  Webmin

Click on the:

Servers>>> SSH Server

Click on:

Edit Config Files

 Find and change the following:

#Port 22
#PermitRootLogin yes

Change the port to some other port like 2526 and change PermitRootLogin to no – also remove the #'s:

 You will have to make sure the port you choose here is open in your firewall, and then also close port 22. I will cover that later.

Port 2526
PermitRootLogin no

You could also choose to allow only certain users to log in via SSH by adding this option:

AllowUsers username

## where username is the new user you created

There are many other things you could do with SSH to secure it even more. But I will only cover this right here.

Click on:

Then click on:

In the main SSH Server page that will load after you click on Save.

3. Open the new SSH port and close the old port (22) on your firewall

 (If you have not yet setup a firewall script see: How to: CentOS 5 and Virtualmin Firewall Init Script )

Click on:

System >>> Bootup and Shutdown

Click on the:

 Firewall link

 The Firewall script will come up so you can edit it as you would any normal text file.

Press Ctrl + F and Find 22

The firewall rule should look something like this.

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Replace that one iptables rule with these:

##SSH
iptables -A INPUT -p tcp --dport 22 --syn -j DROP
iptables -A INPUT -p tcp --dport 2526 -j ACCEPT
iptables -A INPUT -p tcp --dport 2526 --syn -m limit --limit 1/m --limit-burst 3 -j ACCEPT

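## the 1st rule closes port 22

## the 2nd rule opens port 2526 (replace that with the port you chose)

## the 3rd rule is to help FileZilla and other FTP clients work better. Note that iptables stops at the first rule that matches a packet: the 2nd rule already accepts every TCP packet for port 2526, so the rate limit in the 3rd rule is never applied as the rules are ordered here.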

Now Check the –

 Firewall

Scroll all the way to the bottom and click on:

 

Then click on the VIRTUALMIN link on the TOP LEFT:

  Virtualmin  Webmin

 Then click on:

 System Information

Click on: Status

Then click on the    icon in the SSH Server row to restart SSH.

 

Now you should be ready to use your SSH program again and login – with the new user and new port.

Test to make sure that you cannot log in on port 22, with root or any other user.
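
A quick check of the edited file, as an added example that is not part of the original guide: the script below reads an sshd_config and reports whether port 22 is still in use, whether root login is off, and whether an AllowUsers line exists. The function names and the two sample files are constructed for illustration, and a missing directive is assumed to mean the commented-out default shown in step 2.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an sshd_config file for
# the settings changed in step 2.

# Print every uncommented value of one keyword. Keywords are case-insensitive.
sshd_values() {  # $1 = config file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Print findings; return 0 only when root login is off and port 22 is unused.
audit_sshd() {  # $1 = config file
    fail=0
    # Port may be given several times and sshd listens on all of them.
    ports=$(sshd_values "$1" Port)
    # Assumption: a missing directive means the commented-out default the
    # guide shows (Port 22, PermitRootLogin yes).
    for p in ${ports:-22}; do
        if [ "$p" = 22 ]; then echo "FAIL: sshd listens on port 22"; fail=1; fi
    done
    # For single-valued keywords sshd keeps the first value it reads.
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    if [ "${root:-yes}" != no ]; then
        echo "FAIL: PermitRootLogin is '${root:-yes}'"; fail=1
    fi
    if [ -z "$(sshd_values "$1" AllowUsers)" ]; then
        echo "WARN: no AllowUsers line, SSH logins are not limited to named users"
    fi
    return "$fail"
}

# Constructed samples: the stock file, then the file as edited in step 2.
before=$(mktemp) && after=$(mktemp)
printf '#Port 22\n#PermitRootLogin yes\n' > "$before"
printf 'Port 2526\nPermitRootLogin no\nAllowUsers username\n' > "$after"
echo "before:"; audit_sshd "$before" || true
echo "after:";  audit_sshd "$after" && echo "OK"
rm -f "$before" "$after"
```

On the server, run `audit_sshd /etc/ssh/sshd_config` after saving the file and before restarting SSH.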

How to: CentOS Virtualmin secure SSH