First VPS #2 : Connecting via SSH.

   Yesterday morning WordPress 4.0.1 came. They say it is an update for fixing security issues, especially XSS. I encourage you to update to the version immediately if its not updated automatically. When I read “An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding).”, I laughed despite myself. But I wouldn’t be laughing (Sigh).

   CentOS7 provides SSH feature by default. After changing OS, I connected to the VPS by SSH client named TeraTerm. Of course, you can use other SSH client software, for example, PuTTY, WinSCP, etc. The default SSH server version is 6.4p1-8 now.

   The default setting was less secure because I could connect to the VPS as a root user with root-password. So I changed the settings.

   Before this, I made a public key and a private key by TeraTerm. I set a passphrase to the private key. Of course, I can make the keys on the server, but in such a case I have to have the private key via the Internet. I hate this.

||First, to edit Sudoers File||

  1. Log in VPS Control Panel and click “リモートコンソール”, and then click “VNCコンソールを開く”.
  2. Click “HTML5モードで開く” within 60 seconds. QEMU pop-up in another window.
  3. # usermod -G wheel centos  <--- "centos" is one of normal users I add to the Sudoers File. # visudo
    The Sudoers File opens.
  4. Search the line includes “wheel” by the command ‘/wheel’.
    If you find “#” at the head of “%wheel ALL=(ALL) ALL”, remove “#”. But I found no “#” with the head, so I had nothing to do.
    Note) How to use visudo is the same as how to use the vim editor.
  5. Quit visudo.
  6. # su - centos
  7. $ sudo shutdown -h now
  8. At the first time you use ‘sudo’, you have the followings.

    We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

    And it requires your password like this.
    [sudo] password for centos:

  9. You can confirm the server halted at the page “VPS ホーム”. Reboot the server.

||Second, to install the package policycoreutils-python||

  1. Log on QEMU again. Install the package policycoreutils-python because I need the ‘semanage’ command for changing SSH port.
    # yum install policycoreutils-python

||Third, to change SSH settings||

  1. Run TeraTerm (ttermpro.exe). Log in VPS as the user “centos” with password.
  2. Drag&Drop the public key (id_rsa.pub) to TeraTerm Window. TeraTerm has SCP(Secure Copy Protocol) feature. Click “SCP” button.
  3. $ mkdir .ssh
    $ chmod 700 .ssh
    $ cat id_rsa.pub > .ssh/authorized_keys
    $ chmod 600 .ssh/authorized_keys
    $ rm -f id_rsa.pub
  4. $ su -
    Password:  <--- Type the root password.
  5. # vi /etc/ssh/sshd_config
    The sshd_config opens.
  6. #Port22  —>  Port****
    #PermitRootLogin yes  —>  PermitRootLogin no
    PasswordAuthentication yes  —>  PasswordAuthentication no
     
    Overwrite and save the sshd_config.

    # systemctl restart sshd.service

    Note) **** is one of the numbers other than well-known ports. But the numbers are 0 – 65535.

  7. # firewall-cmd --permanent --zone=public --add-port=****/tcp
    # firewall-cmd --reload
    # semanage port -a -t ssh_port_t -p tcp ****
  8. # exit
    $ exit
    The connection is terminated.
  9. Run TeraTerm (ttermpro.exe) again. Log in VPS as the user “centos” with key authentication. At the time, use the new SSH port (****) and you need the passphrase of the private key.
  10. I used ‘sudo’ command via SSH.

    $ sudo firewall-cmd --list-all
    public (default, active)
      interfaces: eth0
      sources:
      services: dhcpv6-client ssh
      ports: ****/tcp
      masquerade: no
      forward-ports:
      icmp-blocks:
      rich rules:

   Mission complete!!

   By the way, I updated my PHP to 5.6.3 on Nov. 15th. ChangLog