- CentOS 7.4 but should also work with others
- current state: root with password
- working SSH client with key pair
yum update
yum install epel-release
yum install nano htop tmux
useradd USERNAME && passwd USERNAME
usermod -aG wheel USERNAME
- on client get public key
cat ~/.ssh/id_rsa.pub
- create key file
mkdir ~/.ssh; nano ~/.ssh/authorized_keys
- paste public key and save
- protect keyfile
chmod 700 -R ~/.ssh && chmod 600 ~/.ssh/authorized_keys
line numbers from openBSD config v 1.1
- edit config
sudo nano /etc/ssh/sshd_config
- line 38
PermitRootLogin no
- line 65
PasswordAuthentication no
- line 38
- reload daemon
sudo systemctl restart sshd
For more configurations and email support follow https://www.linode.com/docs/security/using-fail2ban-for-security
- Install
sudo yum install fail2ban
- Enable
systemctl start fail2ban
systemctl enable fail2ban
- Config
- use local config files (local>conf)
sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- Enable SSH Jail
sudo nano /etc/fail2ban/jail.local
[DEFAULT] backend = systemd [sshd] enabled = true
- Reload
sudo fail2ban-client reload
- Status
sudo fail2ban-client status
- install dependencies
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
- add repo
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- install docker
sudo yum install docker-ce
- start docker
sudo systemctl start docker
- test docker
sudo docker run hello-world