Archive for the 'Security' Category

Quickly upgrade ssh/openssh in CentOS Linux to latest 5.5 version

On a CentOS 5.5 host, we were asked to upgrade OpenSSH to its latest version. Here are the steps I took to quickly do the upgrade. You may prefer to compile it from source, or you can take my approach of installing it from a repository.

Checking the existing version shows 4.3p2:

$ ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

I simply tried upgrading by running yum with the default repositories, but it didn’t find any newer version. To grab the latest one, I installed the CentALT repository, which usually has the latest packages. I’ve documented the steps to install it in an earlier post here. After installing CentALT, I tried again but found a dependency issue:

Quickly disable ssh version 1 in Linux

This is going to be a very short post :)

SSH v1 is not very safe, and if you want your site/server to pass PCI compliance then you must disable it. Don’t worry, it is easy to do.
Open the /etc/ssh/sshd_config file and disable version 1:

$ vi /etc/ssh/sshd_config

Find the line #Protocol 2,1, remove the 1 from it, and then uncomment it. The final line should look like this:

$ cat /etc/ssh/sshd_config | grep Protocol
Protocol 2

Restart the SSH service to apply the changes.

$ service sshd restart
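
The same edit can be scripted against a copy of the file. This is an added example, not code from the original post; the function names `effective_protocol` and `pin_protocol_2` and the sample config are assumptions made for illustration. It goes slightly beyond the manual steps by also handling a config where the Protocol line is already active or missing entirely.

```shell
#!/bin/sh
# Added example: works on a copy of sshd_config, never the live file.

# Print the value of the first active (uncommented) Protocol line, or
# "unset" if there is none. sshd keeps the first value it reads for a
# keyword, and keyword names are case-insensitive.
effective_protocol() {
    awk 'tolower($1) == "protocol" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Write a copy of config $1 to $2 with the setting pinned to "Protocol 2".
pin_protocol_2() {
    {
        # No active or stock commented line to edit: add one at the top,
        # so it can never end up inside a Match block.
        if ! grep -Eiq \
            -e '^[[:space:]]*protocol[[:space:]]' \
            -e '^[[:space:]]*#[[:space:]]*protocol[[:space:]]+[12,]+[[:space:]]*$' \
            "$1"; then
            echo "Protocol 2"
        fi
        awk '
            # Active directive: rewrite the first, drop any later ones.
            tolower($1) == "protocol" {
                if (!done) { print "Protocol 2"; done = 1 }
                next
            }
            # Commented-out stock line such as "#Protocol 2,1".
            !done && tolower($0) ~ /^[ \t]*#[ \t]*protocol[ \t]+[12,]+[ \t]*$/ {
                print "Protocol 2"; done = 1; next
            }
            { print }
        ' "$1"
    } > "$2"
}

# Constructed sample input (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' '#Port 22' '#Protocol 2,1' 'PermitRootLogin no' > "$demo/sshd_config"
pin_protocol_2 "$demo/sshd_config" "$demo/sshd_config.new"
echo "before: $(effective_protocol "$demo/sshd_config")"
echo "after:  $(effective_protocol "$demo/sshd_config.new")"
rm -rf "$demo"
```

Check the edited copy with `sshd -t -f <path>` before moving it into place and restarting the service.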

5 steps to secure your Linux server

How would you ensure the security of your production Linux server? Should you be happy with the default configuration in place, or are there things we must implement to enhance security? Of course, yes. Here I’m writing up 5 steps which I usually take to tighten security on a server. This doesn’t mean these are the best things you can do or that you don’t need to do anything else. There are many ways, and remember that securing your server is a never-ending process, so keep an eye open and check your server regularly.

Ensuring secure access to Production Linux Servers

I was amazed to hear from my friend that one of their servers got hacked, and the reason may be that their part-time admin set the password of the root user to ‘admin’. Wow!! Can’t believe it! They don’t have the right to cry about security attacks as they themselves keep their door open :P

I’ve suggested some points to them, as described below, for ensuring secure access to servers. They have 5-6 Linux servers. This obviously may not be the best way, and as always I’d appreciate it if you can give your suggestions in the comments. My approach is that, out of the 6 servers, we will be able to log in remotely to only 2 servers through key-based access, and from these 2 servers we can access the remaining ones. Here’s what we did:

Here is why GoDaddy sucks in hosting, what about alternative?

Hosting my WordPress blog on GoDaddy was a big mistake. I realized this when one of my regular visitors alerted me that my blog was showing suspicious activity. I promptly downloaded all of my blog files to my local system to scan them, and that operation took around 2 hours because of the terrible FTP download rate from GoDaddy. Upon looking inside the files, almost all PHP files had suspicious code and were certainly infected by some malware. I cleaned each and every file, including a database scan for any malicious records, users etc. (I referred to this while cleaning). I uploaded all new files, replacing the existing ones completely. I checked my logs and thought for a while about why such a thing happened. My WordPress version was the latest, I had a strong FTP password, and in fact there was no regular FTP activity from my side. I have a Mac myself. So I didn’t find any reason and forgot that incident.
