Yesterday morning WordPress 4.0.1 came out. They say it is an update that fixes security issues, especially XSS. I encourage you to update to this version immediately if it has not been updated automatically. When I read “An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding).”, I laughed despite myself. But I wouldn’t be laughing (Sigh).
CentOS 7 provides SSH by default. After changing the OS, I connected to the VPS with an SSH client named TeraTerm. Of course, you can use other SSH client software, for example PuTTY, WinSCP, etc. The default SSH server version is 6.4p1-8 now.
The default setting was less secure because I could connect to the VPS as the root user with the root password. So I changed the settings.
Before this, I made a public key and a private key with TeraTerm. I set a passphrase on the private key. Of course, I could make the keys on the server, but in that case I would have to transfer the private key over the Internet. I hate this.
||First, to edit Sudoers File||
- Log in to the VPS Control Panel and click “リモートコンソール” (Remote Console), and then click “VNCコンソールを開く” (Open VNC Console).
- Click “HTML5モードで開く” (Open in HTML5 mode) within 60 seconds. QEMU pops up in another window.
usermod -G wheel centos   <--- "centos" is one of the normal users; I add it to the Sudoers File.
The Sudoers File opens.
- Search for the line that includes “wheel” with the command ‘/wheel’.
If you find “#” at the head of “%wheel ALL=(ALL) ALL”, remove the “#”. But I found no “#” at the head, so I had nothing to do.
Note) visudo is used the same way as the vim editor.
- Quit visudo.
su - centos
sudo shutdown -h now
- The first time you use ‘sudo’, you see the following message.
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
And it asks for your password like this.
[sudo] password for centos:
- You can confirm that the server has halted on the page “VPS ホーム” (VPS Home). Reboot the server.
||Second, to install the package policycoreutils-python||
- Log in to QEMU again. Install the package policycoreutils-python because I need the ‘semanage’ command for changing the SSH port.
yum install policycoreutils-python
||Third, to change SSH settings||
- Run TeraTerm (ttermpro.exe). Log in to the VPS as the user “centos” with the password.
- Drag and drop the public key (id_rsa.pub) onto the TeraTerm window. TeraTerm has an SCP (Secure Copy Protocol) feature. Click the “SCP” button.
chmod 700 .ssh
cat id_rsa.pub > .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
rm -f id_rsa.pub
Password: <--- Type the root password.
The sshd_config opens.
- #Port 22 —> Port ****
#PermitRootLogin yes —> PermitRootLogin no
PasswordAuthentication yes —> PasswordAuthentication no
Overwrite and save the sshd_config.
systemctl restart sshd.service
Note) **** is a number outside the well-known ports, but it must be within the range 0 – 65535.
firewall-cmd --permanent --zone=public --add-port=****/tcp
semanage port -a -t ssh_port_t -p tcp ****
The connection is terminated.
- Run TeraTerm (ttermpro.exe) again. Log in to the VPS as the user “centos” with key authentication. This time, use the new SSH port (****); you need the passphrase of the private key.
- I used ‘sudo’ command via SSH.
sudo firewall-cmd --list-all
public (default, active)
services: dhcpv6-client ssh
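
As an added example (not part of the original post), here is a small shell check for the three sshd_config edits made in the third step, useful before restarting sshd because sshd honours only the first uncommented occurrence of a keyword. It assumes the OpenSSH 6.x defaults (Port 22, PermitRootLogin yes, PasswordAuthentication yes); the function names, the sample files and the placeholder port 50022 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): audit the three sshd_config edits.

# Print the effective global value of keyword $2 in file $1 ($3 = default).
# sshd uses the FIRST uncommented occurrence; keywords are case-insensitive.
# Parsing stops at the first "Match" block, whose settings are conditional.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # commented-out line
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Return 0 if the file matches the hardening in the post, 1 otherwise.
# Defaults are the ones assumed for the OpenSSH 6.x that CentOS 7 ships.
audit_sshd_config() {
    rc=0
    port=$(sshd_effective "$1" Port 22)
    root=$(sshd_effective "$1" PermitRootLogin yes)
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    [ "$port" != 22 ] || { echo "FAIL Port is still 22"; rc=1; }
    [ "$root" = no ] || { echo "FAIL PermitRootLogin=$root"; rc=1; }
    [ "$pass" = no ] || { echo "FAIL PasswordAuthentication=$pass"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK Port=$port, root and password logins off"; fi
    return "$rc"
}

# Constructed samples; 50022 is a placeholder port, not the one from the post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#Port 22' '#PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$tmp/stock"
printf '%s\n' 'Port 50022' 'PermitRootLogin no' \
    'PasswordAuthentication no' > "$tmp/edited"
# Failure mode: new lines appended below the stock line, which still wins.
printf '%s\n' 'PasswordAuthentication yes' 'Port 50022' 'PermitRootLogin no' \
    'PasswordAuthentication no' > "$tmp/appended"
for f in stock edited appended; do
    echo "== $f"; audit_sshd_config "$tmp/$f" || true
done
```

On the server, point `audit_sshd_config` at /etc/ssh/sshd_config; `sshd -t` additionally checks the file's syntax.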