Home >Operation and Maintenance >Linux Operation and Maintenance >Securing your Linux server: Authentication with the command line
Securing your Linux server: Authentication with the command line
In today's digital age, protecting the security of your server has become even more important. As a Linux server administrator, you need to take a series of security measures to ensure that the server is not subject to malicious intrusions and unauthorized access. One of the key security measures is to use strong authentication methods. This article will explain how to use command line authentication to strengthen the security of your Linux server.
1. Use SSH key pair for authentication
SSH (Secure Shell) is a commonly used remote login protocol that uses encrypted communication for communication. Using SSH key pairs for authentication is more secure and reliable than traditional username and password authentication. Here are the steps to set up an SSH key pair:
Generate an SSH key pair: Open a terminal and enter the following command:
$ ssh-keygen -t rsa - b 4096
The above command will generate a 4096-bit RSA key pair.
Upload the public key to the server: Use the following command to upload the public key to the server:
$ ssh-copy-id username@servername
Replace username with your username and servername with your server address.
Test SSH connection: Use the following command to test whether the SSH connection is successful:
$ ssh username@servername
If the connection is successful, you will not need to enter it again. password.
2. Use multi-factor authentication
Multi-factor authentication (MFA) is a more secure authentication method that requires the user to provide two or more an independent authentication factor. On a Linux server, you can use Google Authenticator to implement MFA. Here are the steps to set up Google Authenticator:
Install Google Authenticator: Open a terminal and enter the following command to install Google Authenticator:
$ sudo apt-get install libpam-google -authenticator
This will install the Google Authenticator library.
Set up Google Authenticator: Enter the following command to configure Google Authenticator:
$ google-authenticator
During the configuration process, you will be asked to answer a few question and generate a QR code.
Configure the PAM module: Use a text editor to open the /etc/pam.d/sshd file and add the following content:
auth required pam_google_authenticator.so
Make sure this line comes before ChallengeResponseAuthentication.
Restart the SSH service: Enter the following command to restart the SSH service:
$ sudo service ssh restart
This will make Google Authenticator take effect.
3. Disable root user authentication
The root user is a super user with full permissions on the Linux server. In order to improve the security of the server, we usually recommend disabling direct login as the root user. Instead, you can create a regular user and give it sudo permissions. Here are the steps to disable the root user:
Create a new user: Create a new user using the following command:
$ sudo adduser username
will Replace username with the username you want to create.
Give sudo permissions to the new user: Enter the following command to give sudo permissions to the new user:
$ sudo usermod -aG sudo username
Change username Replace with the username you created.
Disable root user login: Edit the /etc/ssh/sshd_config file using the following command:
$ sudo nano /etc/ssh/sshd_config
Find the following line in the file:
PermitRootLogin yes
Change the line to:
PermitRootLogin no
Save the file and restart the SSH service:
$ sudo service ssh restart
Now, your Linux server will not allow the root user to log in directly.
Through the above three steps, you can use the command line to implement more secure authentication to strengthen the security of your Linux server. SSH key pairs, multi-factor authentication and disabling root logins can greatly reduce the risk of malicious intrusions and unauthorized access. Therefore, it is crucial to ensure that you use these security measures when managing and protecting your Linux server. Protect your server and keep your data safe.
The above is the detailed content of Securing your Linux server: Authentication with the command line. For more information, please follow other related articles on the PHP Chinese website!