Yesterday morning WordPress 4.0.1 came out. They say it is an update for fixing security issues, especially XSS. I encourage you to update to this version immediately if it's not updated automatically. When I read “An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding).”, I laughed despite myself. But I wouldn’t be laughing (Sigh).
CentOS7 provides the SSH feature by default. After changing the OS, I connected to the VPS with an SSH client named TeraTerm. Of course, you can use other SSH client software, for example, PuTTY, WinSCP, etc. The default SSH server version is 6.4p1-8 now.
The default setting was less secure because I could connect to the VPS as the root user with the root password. So I changed the settings.
Before this, I made a public key and a private key with TeraTerm. I set a passphrase on the private key. Of course, I can make the keys on the server, but in such a case I have to get the private key via the Internet. I hate this.
||First, to edit Sudoers File||
- Log in to the VPS Control Panel and click “リモートコンソール” (Remote Console), and then click “VNCコンソールを開く” (Open VNC Console).
- Click “HTML5モードで開く” (Open in HTML5 mode) within 60 seconds. QEMU pops up in another window.
- # usermod -G wheel centos    <— “centos” is one of the normal users I add to the Sudoers File.
  # visudo
  The Sudoers File opens.
- Search for the line that includes “wheel” with the command ‘/wheel’.
  If you find “#” at the head of “%wheel ALL=(ALL) ALL”, remove the “#”. But I found no “#” at the head, so I had nothing to do.
  Note) visudo is used the same way as the vim editor.
- Quit visudo.
- # su - centos
- $ sudo shutdown -h now
- The first time you use ‘sudo’, you see the following.
  We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
  #1) Respect the privacy of others.
  #2) Think before you type.
  #3) With great power comes great responsibility.
  And it requires your password like this.
  [sudo] password for centos:
- You can confirm the server halted at the page “VPS ホーム” (VPS Home). Reboot the server.
||Second, to install the package policycoreutils-python||
- Log on to QEMU again. Install the package policycoreutils-python because I need the ‘semanage’ command for changing the SSH port.
  # yum install policycoreutils-python
||Third, to change SSH settings||
- Run TeraTerm (ttermpro.exe). Log in to the VPS as the user “centos” with the password.
- Drag & drop the public key (id_rsa.pub) onto the TeraTerm window. TeraTerm has an SCP (Secure Copy Protocol) feature. Click the “SCP” button.
- $ mkdir .ssh
  $ chmod 700 .ssh
  $ cat id_rsa.pub > .ssh/authorized_keys
  $ chmod 600 .ssh/authorized_keys
  $ rm -f id_rsa.pub
- $ su -
  Password:    <— Type the root password.
- # vi /etc/ssh/sshd_config
  The sshd_config opens.
- #Port 22 —> Port ****
  #PermitRootLogin yes —> PermitRootLogin no
  PasswordAuthentication yes —> PasswordAuthentication no
  Overwrite and save the sshd_config.
  # systemctl restart sshd.service
  Note) **** is one of the numbers other than well-known ports. But the number must be within 0 – 65535.
- # firewall-cmd --permanent --zone=public --add-port=****/tcp
  # firewall-cmd --reload
  # semanage port -a -t ssh_port_t -p tcp ****
- # exit
  $ exit
  The connection is terminated.
- Run TeraTerm (ttermpro.exe) again. Log in to the VPS as the user “centos” with key authentication. This time, use the new SSH port (****), and you need the passphrase of the private key.
- I used the ‘sudo’ command via SSH.
  $ sudo firewall-cmd --list-all
  public (default, active)
    interfaces: eth0
    sources:
    services: dhcpv6-client ssh
    ports: ****/tcp
    masquerade: no
    forward-ports:
    icmp-blocks:
    rich rules:
Mission complete!!
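A check for the three sshd_config edits above, as an added example that is not part of the original post: it reads the global section the way sshd does, so a line left commented, a duplicate line, or a value set only inside a Match block is reported. The function names, the sample files and port 2222 are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes whitespace-separated
# "Keyword value" lines and no Include directives.

# Print every global-section value of keyword $1 from sshd_config on stdin.
# Keywords are case-insensitive; globals end at the first Match block.
values() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        tolower($1) == "match" { exit }      # conditional overrides start here
        tolower($1) == key { print tolower($2) }
    '
}

# Print one OK/FAIL line per setting for sshd_config text on stdin.
# Port may repeat (sshd listens on all); the other two keep the first value
# read. Absent keywords use the stock values in the post (22, yes, yes).
audit() {
    cfg=$(cat)
    ports=$(printf '%s\n' "$cfg" | values Port | tr '\n' ' ')
    root=$(printf '%s\n' "$cfg" | values PermitRootLogin | head -n 1)
    pass=$(printf '%s\n' "$cfg" | values PasswordAuthentication | head -n 1)
    ports=${ports:-22 }; root=${root:-yes}; pass=${pass:-yes}
    case " $ports" in
        *" 22 "*) echo "FAIL Port=${ports% }" ;;
        *)        echo "OK   Port=${ports% }" ;;
    esac
    if [ "$root" = no ]; then echo "OK   PermitRootLogin=no"
    else echo "FAIL PermitRootLogin=$root"; fi
    if [ "$pass" = no ]; then echo "OK   PasswordAuthentication=no"
    else echo "FAIL PasswordAuthentication=$pass"; fi
}

# Constructed sample of an edit that looks done but is not: Port is still
# commented, an earlier PermitRootLogin wins, and the only
# PasswordAuthentication line sits inside a Match block.
flawed_sample() {
    printf '%s\n' '#Port 2222' 'PermitRootLogin yes' 'permitrootlogin no' \
        'Match User centos' '    PasswordAuthentication no'
}

# Constructed sample with the three edits applied (2222 is a placeholder).
hardened_sample() {
    printf '%s\n' 'Port 2222' 'PermitRootLogin no' 'PasswordAuthentication no'
}

flawed_sample | audit
hardened_sample | audit
```

On the server, feed it the real file with `audit < /etc/ssh/sshd_config`; `sshd -T` run as root prints the configuration sshd itself resolves.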
By the way, I updated my PHP to 5.6.3 on Nov. 15th. ChangeLog