You recently got that shiny CentOS server up and running. You logged in a couple more times, only to find that it’s got lots of failed login attempts. WTF?!! You’re being brute forced.
One solution is to enable SSH key authentication, and only use SSH keys. Here’s how you do it.
Download PuTTY (includes PuTTYgen which we will use later):
https://www.ssh.com/ssh/putty/download
Binary | Platform | Signature | Date |
---|---|---|---|
putty-0.70-installer.msi | Windows (any) | GPG signature | 2017-07-08 |
putty-64bit-0.70-installer | Windows (64-bit) | GPG signature | 2017-07-08 |
- Install PuTTY
- Run PuTTYgen
- Change the number of bits as needed (usually 2048 is enough but I prefer 4096)
- Click on the generate button
- Put in a key passphrase
- Save the generated public and private keys
- Run PuTTY
- Fill in your host name and click on connect
- Log in as usual as root
First we need to create the .ssh directory and the authorized_keys file. Issue the following commands:
- mkdir ~/.ssh
- chmod 0700 ~/.ssh
- touch ~/.ssh/authorized_keys
- chmod 0644 ~/.ssh/authorized_keys
Install nano (or your favorite editor):
- yum install nano
Edit the authorized_keys file:
- nano ~/.ssh/authorized_keys
Copy the generated public key from PuTTYgen
Paste the text into the nano editor.
- Hit ^X to exit, saving changes
From here we can now connect using the SSH keys.
- Start a new PuTTY Session
- On the left pane of the PuTTY window navigate to Connection -> Data
- Fill in the Auto-login username as ‘root’
- Then navigate to Connection -> Data -> SSH -> Auth
- Browse for the private key you saved in the first step
- From here you can save the connection (so you don’t need to do it all over again) and click on connect
- Now this time it should not ask for your login credentials, instead it will ask for your passphrase from the earlier steps
Disable Username-Password Logins
Now that you’re all set, it’s always a good idea to disable username-password logins.
- nano /etc/ssh/sshd_config
Find the following settings in the file and change them as shown below:
PasswordAuthentication no
UsePAM no
- ^X to exit and save
- Then reboot: shutdown -r now
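Before rebooting, it is worth confirming that the settings above will actually take effect and that the key file is usable, since a mistake here locks you out. The script below is an added example, not part of the original post: the function names are hypothetical, the sample config and key are constructed, and it only reads global settings (it does not follow Include files or evaluate Match blocks).

```shell
#!/bin/sh
# Added example (not from the original post): audit the key-only setup.

# Print the global value sshd would use for keyword $1 in config file $2.
# sshd keeps the FIRST occurrence of a keyword and ignores case; lines from
# the first "Match" block on are conditional and are not considered here.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }
        key == want    { print tolower(f[2]); exit }
    ' "$2"
}

# True if $1 exists and is not writable by group or others, which is what
# sshd StrictModes demands of ~/.ssh and authorized_keys.
safe_mode() {
    [ -e "$1" ] && [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# $1 = sshd_config path, $2 = the account's .ssh directory.
audit_key_only() {
    rc=0
    val=$(sshd_effective PasswordAuthentication "$1")
    [ "${val:-yes}" = no ] || { echo "FAIL: PasswordAuthentication=${val:-yes}"; rc=1; }
    for p in "$2" "$2/authorized_keys"; do
        safe_mode "$p" || { echo "FAIL: $p missing or group/world-writable"; rc=1; }
    done
    # An empty key file plus disabled passwords means nobody can log in.
    [ -s "$2/authorized_keys" ] || { echo "FAIL: authorized_keys is empty"; rc=1; }
    return "$rc"
}

# Constructed sample: the second PasswordAuthentication line is ignored.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 0700 "$demo/.ssh"
echo 'ssh-rsa AAAAexamplekey constructed-sample' > "$demo/.ssh/authorized_keys"
chmod 0644 "$demo/.ssh/authorized_keys"
printf '%s\n' '# constructed sshd_config' 'passwordauthentication no' \
    'UsePAM no' 'PasswordAuthentication yes' > "$demo/sshd_config"
audit_key_only "$demo/sshd_config" "$demo/.ssh" && echo "OK: key-only login is in place"
```

On the server itself, call `audit_key_only /etc/ssh/sshd_config ~/.ssh`, and run `sshd -t` to catch syntax errors in the edited file while your current session is still open.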
That’s it. Happy SSH!