Searching for a better solution to configure SSH in your knowledge middle servers? How about Webmin? Jack Wallen walks you thru among the choices for higher SSH safety utilizing this web-based GUI.
Almost each Linux server I administer is finished through SSH. Provided that I have been working with Linux for over 20 years, configuring SSH with a watch on safety is fairly easy for me. However most frequently I am doing this on smaller deployments, the place there would possibly solely be a handful of customers which have to achieve entry to the server. With these machines, I are inclined to handle the SSH configuration manually (as in enhancing the ssh_config and sshd_config recordsdata through a textual content editor).
SEE: Safety incident response coverage (TechRepublic Premium)
However what in the event you’re working with bigger deployments in knowledge facilities? You most likely do not need to must handle these configurations utilizing nano or vi. And if you have already got Webmin deployed, you may have the means to make these configuration modifications significantly simpler.
Let me present you ways.
What you may want
To make this work, you may want Webmin put in in your distribution of alternative. I’ve already coated the way to set up Webmin on Ubuntu and Rocky Linux. Give these articles a learn to get Webmin up and operating in your server distribution of alternative. After you have Webmin up and operating, you are all set to configure SSH.
How one can configure SSH through Webmin
Log into Webmin after which click on the Webmin tab after which increase the Servers entry (Determine A).
Within the SSH part (Determine B), click on Authentication.
The very first thing you may do is choose No for Permit Login by Root (Determine C). As soon as you’ve got achieved that, click on Save. In case you plan to arrange SSH key authentication, you may need to go away Permit Authentication by Password set to Sure till you get your key authentication arrange for all customers that distant into that server.
Click on Return to Module Index after which click on Entry Management. On this window (Determine D), you may configure which customers and teams are allowed to entry the server through SSH.
In case you choose to go the group route, you may must first create the brand new group and add customers to the brand new group. That is all taken care of in System | Customers, and Teams. Say, for example, you’ve got created a brand new group referred to as editorial and added the mandatory customers. As soon as you’ve got achieved that, return to the SSH Entry Management, click on the test field to the precise of All (related to Solely Permit Members of Teams), after which kind editorial within the textual content subject. Click on Save and return to the Module index. As soon as within the index, click on Apply Modifications. At this level, you’ve got restricted SSH entry to solely the customers in that group. Simply make sure that to check the brand new configuration earlier than you do anything.
Subsequent, you would possibly take into account configuring SSH to make use of a non-standard port. For that, click on on the Networking possibility within the Webmin SSH config window. Right here (Determine E), you may change the default port from 22 to no matter you’d quite use.
As soon as you’ve got modified the port, make sure that to click on Save after which click on Apply Modifications within the module index. One factor to contemplate, nevertheless, is in the event you’re engaged on a Linux distribution that employs SELinux, you may want to tell the safety system of the change to the brand new port. Out of the field, Webmin would not embody an SELinux module, so that you’d must handle that manually with a command like:
sudo semanage port -a -t ssh_port_t -p tcp 2112
As soon as you’ve got achieved that, SSH could be accessed like so:
ssh 192.168.1.169 -p 2112
And that is how one can extra simply configure SSH utilizing the Webmin GUI. When you may have a big knowledge middle stuffed with Linux servers, that is the extra environment friendly (and simpler) solution to go.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the most recent tech recommendation for enterprise execs from Jack Wallen.