Home  >  Article  >  Operation and Maintenance  >  Securing your Linux server: Authentication with the command line

Securing your Linux server: Authentication with the command line

WBOY
WBOYOriginal
2023-09-10 11:09:261326browse

Securing your Linux server: Authentication with the command line

Securing your Linux server: Authentication with the command line

In today's digital age, protecting the security of your server has become even more important. As a Linux server administrator, you need to take a series of security measures to ensure that the server is not subject to malicious intrusions and unauthorized access. One of the key security measures is to use strong authentication methods. This article will explain how to use command line authentication to strengthen the security of your Linux server.

1. Use SSH key pair for authentication

SSH (Secure Shell) is a commonly used remote login protocol that uses encrypted communication for communication. Using SSH key pairs for authentication is more secure and reliable than traditional username and password authentication. Here are the steps to set up an SSH key pair:

  1. Generate an SSH key pair: Open a terminal and enter the following command:

    $ ssh-keygen -t rsa - b 4096

    The above command will generate a 4096-bit RSA key pair.

  2. Upload the public key to the server: Use the following command to upload the public key to the server:

    $ ssh-copy-id username@servername

    Replace username with your username and servername with your server address.

  3. Test SSH connection: Use the following command to test whether the SSH connection is successful:

    $ ssh username@servername

    If the connection is successful, you will not need to enter it again. password.

2. Use multi-factor authentication

Multi-factor authentication (MFA) is a more secure authentication method that requires the user to provide two or more an independent authentication factor. On a Linux server, you can use Google Authenticator to implement MFA. Here are the steps to set up Google Authenticator:

  1. Install Google Authenticator: Open a terminal and enter the following command to install Google Authenticator:

    $ sudo apt-get install libpam-google -authenticator

    This will install the Google Authenticator library.

  2. Set up Google Authenticator: Enter the following command to configure Google Authenticator:

    $ google-authenticator

    During the configuration process, you will be asked to answer a few question and generate a QR code.

  3. Configure the PAM module: Use a text editor to open the /etc/pam.d/sshd file and add the following content:

    auth required pam_google_authenticator.so

    Make sure this line comes before ChallengeResponseAuthentication.

  4. Restart the SSH service: Enter the following command to restart the SSH service:

    $ sudo service ssh restart

    This will make Google Authenticator take effect.

  5. Test MFA: When using the terminal to log in to the Linux server, in addition to entering the user name and password, you will also be asked to enter the verification code generated by Google Authenticator.

3. Disable root user authentication

The root user is a super user with full permissions on the Linux server. In order to improve the security of the server, we usually recommend disabling direct login as the root user. Instead, you can create a regular user and give it sudo permissions. Here are the steps to disable the root user:

  1. Create a new user: Create a new user using the following command:

    $ sudo adduser username

    will Replace username with the username you want to create.

  2. Give sudo permissions to the new user: Enter the following command to give sudo permissions to the new user:

    $ sudo usermod -aG sudo username

    Change username Replace with the username you created.

  3. Disable root user login: Edit the /etc/ssh/sshd_config file using the following command:

    $ sudo nano /etc/ssh/sshd_config

    Find the following line in the file:

    PermitRootLogin yes

    Change the line to:

    PermitRootLogin no

    Save the file and restart the SSH service:

    $ sudo service ssh restart

Now, your Linux server will not allow the root user to log in directly.

Through the above three steps, you can use the command line to implement more secure authentication to strengthen the security of your Linux server. SSH key pairs, multi-factor authentication and disabling root logins can greatly reduce the risk of malicious intrusions and unauthorized access. Therefore, it is crucial to ensure that you use these security measures when managing and protecting your Linux server. Protect your server and keep your data safe.

The above is the detailed content of Securing your Linux server: Authentication with the command line. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn