Yesterday morning WordPress 4.0.1 came out. They say it is an update that fixes security issues, especially XSS. I encourage you to update to this version immediately if it's not updated automatically. When I read “An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding).”, I laughed despite myself. But I wouldn’t be laughing (Sigh).
CentOS 7 provides the SSH feature by default. After changing the OS, I connected to the VPS with an SSH client named TeraTerm. Of course, you can use other SSH client software, for example, PuTTY, WinSCP, etc. The default SSH server version is 6.4p1-8 now.
The default setting was less secure because I could connect to the VPS as the root user with the root password. So I changed the settings.
Before this, I made a public key and a private key with TeraTerm. I set a passphrase on the private key. Of course, I can make the keys on the server, but in such a case I would have to get the private key via the Internet. I hate this.
||First, to edit Sudoers File||
- Log in to the VPS Control Panel and click “リモートコンソール” (Remote Console), and then click “VNCコンソールを開く” (Open VNC Console).
- Click “HTML5モードで開く” (Open in HTML5 mode) within 60 seconds. QEMU pops up in another window.
usermod -G wheel centos <— “centos” is one of the normal users I add to the Sudoers File.
The Sudoers File opens.
- Search for the line that includes “wheel” with the command ‘/wheel’.
If you find “#” at the head of “%wheel ALL=(ALL) ALL”, remove the “#”. But I found no “#” at the head, so I had nothing to do.
Note) How to use visudo is the same as how to use the vim editor.
- Quit visudo.
su - centos
sudo shutdown -h now
- The first time you use ‘sudo’, you see the following.
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
And it requires your password like this.
[sudo] password for centos:
- You can confirm that the server has halted on the page “VPS ホーム” (VPS Home). Reboot the server.
||Second, to install the package policycoreutils-python||
- Log in to QEMU again. Install the package policycoreutils-python because I need the ‘semanage’ command for changing the SSH port.
yum install policycoreutils-python
||Third, to change SSH settings||
- Run TeraTerm (ttermpro.exe). Log in to the VPS as the user “centos” with the password.
- Drag and drop the public key (id_rsa.pub) onto the TeraTerm window. TeraTerm has an SCP (Secure Copy Protocol) feature. Click the “SCP” button.
chmod 700 .ssh
cat id_rsa.pub > .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
rm -f id_rsa.pub
Password: <— Type the root password.
The sshd_config opens.
- #Port 22 —> Port ****
#PermitRootLogin yes —> PermitRootLogin no
PasswordAuthentication yes —> PasswordAuthentication no
Overwrite and save the sshd_config.
systemctl restart sshd.service
Note) **** is a port number other than the well-known ports, within the range 0 – 65535.
firewall-cmd --permanent --zone=public --add-port=****/tcp
semanage port -a -t ssh_port_t -p tcp ****
The connection is terminated.
- Run TeraTerm (ttermpro.exe) again. Log in to the VPS as the user “centos” with key authentication. This time, use the new SSH port (****); you need the passphrase of the private key.
- I used the ‘sudo’ command via SSH.
sudo firewall-cmd --list-all
public (default, active)
services: dhcpv6-client ssh
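
A way to check the result of the sshd_config edits above, as an added example that is not part of the original post: it reports the effective Port, PermitRootLogin and PasswordAuthentication values, taking into account that commented lines do not count and that sshd keeps the first occurrence of a keyword. The function names, the sample files and the port 50022 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report the effective values of
# the three sshd_config directives this post changes.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first uncommented occurrence of a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional, so stop there.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*(#|$)/ { next }                  # comment or blank line
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = split(line, f, "[ \t=]+")
            if (tolower(f[1]) == "match") exit
            if (tolower(f[1]) == key && n >= 2) { val = f[2]; exit }
        }
        END { print val }' "$1"
}

# audit_sshd FILE: one finding per line; returns 0 only if all three were changed.
# Defaults (22 / yes / yes) are assumed from the commented lines shown in the post.
audit_sshd() {
    rc=0
    port=$(effective_value "$1" Port 22)
    root=$(effective_value "$1" PermitRootLogin yes)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    if [ "$port" = 22 ]; then echo "TODO Port 22"; rc=1; else echo "OK   Port $port"; fi
    if [ "$root" = no ]; then echo "OK   PermitRootLogin no"; else echo "TODO PermitRootLogin $root"; rc=1; fi
    if [ "$pass" = no ]; then echo "OK   PasswordAuthentication no"; else echo "TODO PasswordAuthentication $pass"; rc=1; fi
    return $rc
}

# Constructed sample files: the defaults as described, and the edited result.
# 50022 is a placeholder port chosen for this example.
before=$(mktemp); after=$(mktemp)
printf '%s\n' '#Port 22' '#PermitRootLogin yes' 'PasswordAuthentication yes' > "$before"
printf '%s\n' 'Port 50022' 'permitrootlogin no' 'PasswordAuthentication no' \
    'PasswordAuthentication yes' 'Match User backup' '  PermitRootLogin yes' > "$after"

audit_sshd "$before" || echo "=> before: not hardened"
audit_sshd "$after" && echo "=> after: hardened"
```

On a live server, running `sshd -T` as root prints the configuration that sshd actually resolves.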