We all know that CentOS comes with root access disabled for the outside world by default. This means that you cannot log in directly as the root user via SSH, but you can still use root privileges through the ‘sudo’ command instead. However, sometimes it is more convenient to log in directly as the root user. That’s why in this article, we will talk about how to enable, disable and secure the SSH login to your server when attempting to log in as root.
To enable SSH connections through Session Manager, do the following on the managed instance to which you want to enable SSH connections: ensure that SSH is running on the instance. (You can close inbound ports on the instance.)
Enable root login over SSH. Now that virt-v2v is installed, the conversion server must be prepared to accept P2V client connections. The P2V client connects to the conversion server as root using SSH, so root login over SSH must be allowed on the conversion server.
To allow outbound packets from your SSH daemon to the SSH client, you need to add the following rule: iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT. You might also want to add destination IP criteria to the above rule if you are only connecting from a single location.
Before we start, a few requirements need to be met.
Requirements:
- Installed CentOS;
- Access via SSH to your VPS;
- A regular user that can use ‘su’ or ‘sudo’ to gain root privileges;
Log in to your CentOS VPS via SSH as a regular user with sudo privileges:
Disable SSH Root Login
In order to disable the root login, we need to modify the main ssh configuration file “sshd_config” with a text editor of your choice. In our example, we will use nano as an editor.
Now search for this line below in the file.
Uncomment the line by removing the ‘#’ from the beginning of the line. The line in the file should look like this:
By executing the following command we will restart the SSH daemon service:
Now when you try to log in as the root user, you should get an “Access Denied” error.
At this point, you are not able to log in directly as root, but you can still log in as a normal user with sudo privileges and use ‘sudo’ or ‘su’ command to switch to the root user. For example:
Enable SSH Root Login
In order to enable logging in as root, we need to modify the main ssh configuration file “sshd_config” with a text editor of your choice. In our example, we will use nano as an editor.
Find the following line in the file.
Comment the line out by adding a ‘#’ at the beginning of the line, or change ‘no’ to ‘yes’ like in the examples shown below.
or
After we save the file we should restart the sshd service.
You can now try to log in directly as a root user.
Secure SSH Access in CentOS 7
In this section, we will provide you with a few simple tips on how to secure the SSH access on your CentOS 7 server.
Changing the SSH Server Port
In order to change the standard listening port, you need to modify the SSH configuration file by using the command below:
Next, you need to find the line that refers to the port number. After you find the port number (the default value should be 22), you can change it to the number you prefer.
When you are finished with editing, press Ctrl+O, and then press Ctrl+X in order to save and exit.
Restart the SSH daemon service by executing the command:
Disabling SSH Protocol 1
There are two versions of SSH protocols: SSHv1, and SSHv2. Using the SSHv1 protocol is not recommended because it’s an older version and is less secure than the newer SSHv2 protocol. In the next section, we will disable SSHv1. If you need this version for any reason, then you can ignore this part.
Open the SSH configuration file with this command:
Uncomment the line
and edit it to:
Now we should restart the SSH service in order for the new configuration to take effect. We can do that by executing this command:
Disabling root access is also one of the ways to secure your SSH server, which we showed you at the beginning of the article.
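The sshd_config edits from the sections above (PermitRootLogin, Port, Protocol), applied by script to a constructed copy of the file. This is an added example, not code from the original article; the helper names, the sample file contents and port 2222 are assumptions.

```shell
#!/bin/sh
# Added example. set_sshd_option, effective_value and make_sample are
# hypothetical helpers; the sample config and port 2222 are constructed.

# sshd applies the FIRST value it reads for most keywords, so uncommenting a
# line has no effect when an active copy sits above it. This rewrites the first
# global occurrence (commented or not), drops later global copies and leaves
# Match blocks untouched. An absent keyword is added at the top of the file.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { pat = "^[ \t]*#?" key "[ \t]+" }
        /^[ \t]*Match[ \t]/ { inmatch = 1 }
        !inmatch && $0 ~ pat {
            if (!done) { out[++n] = key " " value; done = 1 }
            next
        }
        { out[++n] = $0 }
        END {
            if (!done) print key " " value
            for (i = 1; i <= n; i++) print out[i]
        }' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Print the global value sshd would use: first active line before any Match.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*Match[ \t]/ { exit }
        $1 == key { print $2; exit }' "$1"
}

# Constructed stand-in for /etc/ssh/sshd_config.
make_sample() {
    printf '%s\n' 'PermitRootLogin yes' '#Port 22' '#Protocol 2,1' \
        '#PermitRootLogin no' 'Match User backup' \
        '    PermitRootLogin forced-commands-only' > "$1"
}

cfg=$(mktemp)
make_sample "$cfg"
set_sshd_option "$cfg" PermitRootLogin no
set_sshd_option "$cfg" Port 2222
set_sshd_option "$cfg" Protocol 2
cat "$cfg"; rm -f "$cfg"
```

On a live server, check the edited file with `sshd -t` before restarting the daemon and keep your current session open until a new login succeeds. On CentOS 7 with SELinux enforcing, a non-default port also has to be allowed with `semanage port -a -t ssh_port_t -p tcp <port>` and opened in the firewall.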
In this tutorial, we learned how to disable and enable the root login in SSH.
We also learned how to secure the SSH server by changing the port number, disabling root access and disabling the SSH protocol SSHv1.
If you are one of our managed VPS hosting clients, you can simply ask our system administrators to Enable or Disable root login through SSH on your CentOS server. They are available 24/7 and will take care of your request immediately.
If you find this blog post useful, please share it with your friends via social media networks, or if you have any questions please leave a comment below and we will reply to it. Thanks!
This article is for Windows users who want to create and use secure shell (SSH) keys to connect to Linux virtual machines (VMs) in Azure. You can also generate and store SSH keys in the Azure portal to use when creating VMs in the portal.
To use SSH keys from a Linux or macOS client, see the quick steps. For a more detailed overview of SSH, see Detailed steps: Create and manage SSH keys for authentication to a Linux VM in Azure.
Overview of SSH and keys
SSH is an encrypted connection protocol that allows secure sign-ins over unsecured connections. SSH is the default connection protocol for Linux VMs hosted in Azure. Although SSH itself provides an encrypted connection, using passwords with SSH still leaves the VM vulnerable to brute-force attacks. We recommend connecting to a VM over SSH using a public-private key pair, also known as SSH keys.
The public-private key pair is like the lock on your front door. The lock is exposed to the public; anyone with the right key can open the door. The key is private, and only given to people you trust because it can be used to unlock the door.
The public key is placed on your Linux VM when you create the VM.
The private key remains on your local system. Protect this private key. Do not share it.
When you connect to your Linux VM, the VM tests the SSH client to make sure it has the correct private key. If the client has the private key, it's granted access to the VM.
Depending on your organization's security policies, you can reuse a single key pair to access multiple Azure VMs and services. You do not need a separate pair of keys for each VM.
Your public key can be shared with anyone, but only you (or your local security infrastructure) should have access to your private key.
Supported SSH key formats
Azure currently supports SSH protocol 2 (SSH-2) RSA public-private key pairs with a minimum length of 2048 bits. Other key formats such as ED25519 and ECDSA are not supported.
SSH clients
Recent versions of Windows 10 include OpenSSH client commands to create and use SSH keys and make SSH connections from PowerShell or a command prompt. This is the easiest way to create an SSH connection to your Linux VM, from a Windows computer.
You can also use Bash in the Azure Cloud Shell to connect to your VM. You can use Cloud Shell in a web browser, from the Azure portal, or as a terminal in Visual Studio Code using the Azure Account extension.
You can also install the Windows Subsystem for Linux to connect to your VM over SSH and use other native Linux tools within a Bash shell.
Create an SSH key pair
Create an SSH key pair using the ssh-keygen command. Enter a filename, or use the default shown in parentheses (for example C:\Users\username/.ssh/id_rsa). Enter a passphrase for the file, or leave the passphrase blank if you do not want to use a passphrase.
Create a VM using your key
To create a Linux VM that uses SSH keys for authentication, provide your SSH public key when creating the VM.
Using the Azure CLI, you specify the path and filename for the public key using az vm create and the --ssh-key-value parameter.
With PowerShell, use New-AzVM and add the SSH key to the VM configuration. For an example, see Quickstart: Create a Linux virtual machine in Azure with PowerShell.
If you do a lot of deployments using the portal, you might want to upload your public key to Azure, where it can be easily selected when creating a VM from the portal. For more information, see Upload an SSH key.
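A pre-flight check for the key file you are about to hand to az vm create, covering the "Supported SSH key formats" and "Create a VM using your key" sections above: it rejects a private key passed by mistake, key types other than RSA, and RSA keys under 2048 bits. This is an added example, not part of the original article; the function names and return codes are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example; function names and return codes are hypothetical.

# Classify a key file by its first token.
# 0 = RSA public key, 2 = other key type, 3 = private key, 4 = unrecognised.
pubkey_type_ok() {
    first=
    read -r first rest < "$1" || [ -n "$first" ] || return 4
    case $first in
        ssh-rsa)                  return 0 ;;
        ssh-ed25519|ecdsa-sha2-*) return 2 ;;
        -----BEGIN)               return 3 ;;
        *)                        return 4 ;;
    esac
}

# Check one line of `ssh-keygen -l` output, which has the form
# "<bits> <fingerprint> <comment> (<TYPE>)".
# 0 = RSA with >= 2048 bits, 1 = RSA but too short, 2 = not RSA, 4 = unparsable.
fingerprint_line_ok() {
    bits=${1%% *}
    type=${1##*\(}; type=${type%\)}
    case $bits in ''|*[!0-9]*) return 4 ;; esac
    [ "$type" = RSA ] || return 2
    [ "$bits" -ge 2048 ] || return 1
}

# Full check of a file; returns 5 when ssh-keygen is not installed and the
# key length therefore cannot be verified.
check_key_for_vm() {
    pubkey_type_ok "$1" || return $?
    command -v ssh-keygen >/dev/null 2>&1 || return 5
    fingerprint_line_ok "$(ssh-keygen -l -f "$1")"
}

# Constructed sample lines in the format printed by `ssh-keygen -l`.
for line in '4096 SHA256:CONSTRUCTED azureuser@pc (RSA)' \
            '1024 SHA256:CONSTRUCTED azureuser@pc (RSA)' \
            '256 SHA256:CONSTRUCTED azureuser@pc (ED25519)'; do
    fingerprint_line_ok "$line"
    echo "exit $? for: $line"
done
```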
Connect to your VM
With the public key deployed on your Azure VM, and the private key on your local system, SSH to your VM using the IP address or DNS name of your VM. Replace azureuser and 10.111.12.123 in the following command with the administrator user name, the IP address (or fully qualified domain name), and the path to your private key:
If you configured a passphrase when you created your key pair, enter the passphrase when prompted.
If the VM is using the just-in-time access policy, you need to request access before you can connect to the VM. For more information about the just-in-time policy, see Manage virtual machine access using the just in time policy.
Next steps
For information about SSH keys in the Azure portal, see Generate and store SSH keys in the Azure portal to use when creating VMs in the portal.
For detailed steps, options, and advanced examples of working with SSH keys, see Detailed steps to create SSH key pairs.
You can also use PowerShell in Azure Cloud Shell to generate SSH keys and make SSH connections to Linux VMs. See the PowerShell quickstart.
If you have difficulty using SSH to connect to your Linux VMs, see Troubleshoot SSH connections to an Azure Linux VM.