After you have setup your server (See:How to Setup Virtualmin on CentOS 5) SSH is one of the first things you need secure, and make sure it is done well as you will receive many attacks on this part of your system. This short guide will show how to do this easily on a Virtualmin System.
** I have also gone a step further and setup two-factor authentication on SSH – this is as secure as you will get without getting crazy – you can find the guide here: How To: CentOS Two-factor SSH and Virtualmin Authentication via Google-Authenticator
It contains these easy steps:
1. Create a new user
(See: How to: CentOS Virtualmin create new user )
2. SSH config change
Navigate to your sites Virtualmin Control Panel:
https://x.x.x.x:10000 ## where x.x.x.x is you server IP
Then click on the WEBMIN link on the TOP LEFT:
Click on the:
Servers>>> SSH Server
Find and change the following:
#Port 22 #PermitRootLogin yes
Change the port to some other port like 2526 and change the PermitRootOption to NO – also remove the #`s:
You will have to make sure the port you choose here is open in your firewall, and then also close port 22. I will cover that later.
Port 2526 PermitRootLogin no
You could also choose to only allow certain users to be able to login via SSH by adding this option :
## where username is the new user you created
There are many other things you could do with SSH to secure it even more. But I will only cover this right here.
Then click on:
In the main SSH Server page that will load after you click on Save.
3. Open the new SSH port and close the old port (22) on your firewall
(If you have not yet setup a firewall script see: How to: CentOS 5 and Virtualmin Firewall Init Script )
System >>> Bootup and Shutdown
Click on the:
The Firewall script will come up so you can edit it as you would any normal text file.
Press Ctrl + F and Find 22
The firewall rule should look something like this.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Replace that one line / firewall / iptables rule with these:
##SSH iptables -A INPUT -p tcp --dport 22 --syn -j DROP iptables -A INPUT -p tcp --dport 2526 -j ACCEPT iptables -A INPUT -p tcp --dport 2526 --syn -m limit --limit 1/m --limit-burst 3 -j ACCEPT
## the 1st rule is to close port 22
## the 2nd rule is to open port 2526 (replace that with the port you chose)
## the 3rd rule it to help filezilla and other ftp clients work better.
Now Check the –
Scroll all the way to the bottom and click on:
Then click on the VIRTUALMIN link on the TOP LEFT:
Then click on:
Click on: Status
Then click on the icon in the SSH Server row to restart SSH.
Now you should be ready to use your SSH program again and login – with the new user and new port.
Test to make sure that you cant log in on port 22, with root or any other user.
2 thoughts on “How to: CentOS Virtualmin secure SSH”
I found this video tutorial helpful to change default port of Virtualmin,