Linux help please!



deKoy
02-24-2008, 06:57 PM
I did this step in a security tutorial for CentOS 5:



Reconfigure OpenSSH
Open /etc/ssh/sshd_config with vi and find the line with Port (enter /Port in command mode to search.) Change it to a number above 1024, I personally go with a 5-digit number no greater than 30000. Make sure you update your profile in your client to use the new port in future connections. While in sshd_config you should make some other changes, so edit or verify that the following settings match these values:

Protocol 2
MaxAuthTries 4
PermitRootLogin no
PermitEmptyPasswords no
ClientAliveInterval 600
Banner /etc/ssh/banner


I exited the session and I can't log in to root now =( I wasn't done! How can I fix this? I made a different username and password that works but it has restricted access.

dythim
02-24-2008, 07:06 PM
There are a few things you can do:

1) As the different user, sudo su - to root
2) As the different user, su root
3) Reboot the machine and enter run level 1 (you will have to modify the boot parameters in grub)

Hope this helps

deKoy
02-24-2008, 07:24 PM
So like "sudo vi /etc/ssh/sshd_config"? I get "dekoy is not in the sudoers file. This incident will be reported."

dythim
02-24-2008, 07:28 PM
That means you didn't set up sudoers for the user "dekoy". You may want to try to "su root". Otherwise, you may need to have someone reboot the box and go into run level 1.

In /etc/ssh/sshd_config:
PermitRootLogin no

That is a security option that should be set once you set up your user account with the correct sudo privileges.

In the future, you should just leave a root shell open if you're applying any changes that could lock you out.

naq
02-24-2008, 07:30 PM
You shouldn't have used this line:

PermitRootLogin no


While logged in as the other user, type "su" to change to root, edit the sshd_config again, change the above line to yes, then restart it:

/etc/init.d/sshd restart

deKoy
02-24-2008, 07:31 PM
When I type su, it asks me for a password, I enter in the one for the username I created but it says incorrect password.

dythim
02-24-2008, 07:34 PM
You can do step 3 if you have access to the remote console or a KVM switch.

fisherman
02-24-2008, 07:35 PM
Hopefully some of the Linux gurus can help you out on this, but if you're running Linux on a server the best thing to do would be to request a re-install to save all the time messing about.

I had a problem similar to this before and I "wasted" hours trying to sort it out and in the end I went for the re-install.

When you get a new server the best security precaution is to right away update the kernel by typing >> yum update kernel, then change the password your provider gave you by typing passwd and create some crazy password with lots of @%^:? etc.... and following instructions.

Sorry can't be more help to you and good luck :)

Daniel
02-24-2008, 07:35 PM
When I type su, it asks me for a password, I enter in the one for the username I created but it says incorrect password.
You need to enter the root password because you're attempting to access this user's privileges.

naq
02-24-2008, 07:36 PM
delete

deKoy
02-24-2008, 07:37 PM
When I type su, it asks me for a password, I enter in the one for the username I created but it says incorrect password.
You need to enter the root password because you're attempting to access this user's privileges.

That doesn't work either :(

dythim
02-24-2008, 07:40 PM
Hopefully some of the Linux gurus can help you out on this, but if you're running Linux on a server the best thing to do would be to request a re-install to save all the time messing about.

I had a problem similar to this before and I "wasted" hours trying to sort it out and in the end I went for the re-install.

When you get a new server the best security precaution is to right away update the kernel by typing >> yum update kernel, then change the password your provider gave you by typing passwd and create some crazy password with lots of @%^:? etc.... and following instructions.

Sorry can't be more help to you and good luck :)

That is probably the best option right now. :)

deKoy
02-24-2008, 07:42 PM
Ughh, I'll go ahead and do it. Thanks for all the help!

naq
02-24-2008, 07:54 PM
hmm, I think su to root should definitely work. This is such a minor thing to have to re-install for. You sure you put the root password in correctly?

Daniel
02-24-2008, 07:59 PM
su should definitely work for you, like naq already said. You don't specify the error message you received but you confirmed earlier that the user you log in as is allowed to use the command (else you wouldn't even get the wrong password message).

An idea: if you're using a non-English keyboard setup on your PC there may be issues with the layout, like the common z->y on English/German keyboards.

deKoy
02-24-2008, 08:04 PM
It has already been installed, could someone recommend a guide for security on CentOS 5? I was having a lot of problems with the other one anyways.

dythim
02-24-2008, 08:10 PM
You will want to update to the latest kernel and packages so run "yum update" and restart the Linux machine to boot into the new kernel. Afterwards, you want to set up a local user account and give the necessary sudo privileges. This is found in /etc/sudoers. Once that is set up, you should test your sudo abilities with your local user account. That way when you lock down the root account, you will have the ability to run root commands as yourself.

Once all that is done, I would change the root password to something crazy, disable root SSH logins through /etc/ssh/sshd_config but I wouldn't recommend usermod -L or passwd -l.

Another useful tool to install is blockhosts. This is just a Python script that gets invoked when people try to log in to your machine. It'll block IPs after X amount of tries and send an email to /var/spool/mail informing you of any blocked and watched IPs.
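
An added example, not part of the posts above or of the tutorial quoted in the thread: a pre-flight check that refuses to go ahead when PermitRootLogin is no and the login user has no sudoers rule, which is the lockout this thread ran into. The function names, the sample user admin1, the port value and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check before restarting sshd
# with "PermitRootLogin no". File paths are parameters so copies can be tested.

# Value of an sshd_config keyword; sshd uses the first occurrence it reads.
# Simplification: Match blocks are not interpreted.
sshd_value() {  # $1 = config file, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Succeeds if the user has a sudoers rule, directly or through a %group.
# Simplification: only supplementary groups from the group file are checked.
# On a live system, "sudo -l -U <user>" run as root gives the real answer.
has_sudo() {  # $1 = user, $2 = sudoers file, $3 = group file
    grps=$(awk -F: -v u="$1" '{ n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) printf "%%%s ", $1 }' "$3")
    awk -v u="$1" -v g="$grps" '
        BEGIN { ok[u] = 1; n = split(g, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        ($1 in ok) && NF >= 2 { found = 1 }
        END { exit !found }' "$2"
}

# Returns 0 only when restarting sshd with this config cannot lock the user out.
preflight() {  # $1 = user, $2 = sshd_config, $3 = sudoers, $4 = group file
    if [ "$(sshd_value "$2" PermitRootLogin)" != "no" ]; then
        echo "root SSH login still allowed; no lockout risk from this setting"
        return 0
    fi
    if has_sudo "$1" "$3" "$4"; then
        echo "OK: $1 can reach root through sudo"
        return 0
    fi
    echo "REFUSE: PermitRootLogin is no and $1 has no sudoers rule"
    return 1
}

# Constructed sample files (copies, not the live /etc files).
make_sample() {  # $1 = empty directory to fill
    printf '%s\n' 'Port 22022' 'Protocol 2' 'PermitRootLogin no' > "$1/sshd_config"
    printf '%s\n' 'root ALL=(ALL) ALL' '%wheel ALL=(ALL) ALL' > "$1/sudoers"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:root,admin1' > "$1/group"
}

d=$(mktemp -d)
make_sample "$d"
preflight dekoy  "$d/sshd_config" "$d/sudoers" "$d/group" || echo "fix sudoers before restarting sshd"
preflight admin1 "$d/sshd_config" "$d/sudoers" "$d/group"
rm -rf "$d"
```

Before the restart, `sshd -t` checks the edited configuration for syntax errors, and the existing root session should stay open until a login with the new settings has been confirmed from a second terminal.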

deKoy
02-24-2008, 08:34 PM
Ok, I'll try that out. I have another question, when I do "yum install vnstat" it says "nothing to do". I am trying to install vnstat, am I doing it correctly?

dythim
02-24-2008, 08:37 PM
You can try typing yum search vnstat and see if there are RPMs in CentOS' repository. However, if it isn't there, you should search for the RPM on the net for your distro or just download the source packages for vnstat and compile them if necessary.