[CentOS] Help: Server security compromised?

Wed Aug 6 13:39:50 UTC 2008
D Steward <dsteward at internode.on.net>

Hi, the more completely you lock down a server, the harder it will be
for you to do some useful work on it.
These matters require a balance between security and ease-of-use for the
admins.
It's especially important not to cut your bridges when administering a
remote server.

Despite many people advising to use keys and change ports etc. etc., you
really only need to do 3 things to stop dead any unauthorised SSH
logins:
1. prevent direct root logins
2. create a user account (just for SSH logins) with an unusual name and
give that account a very good password (20 character alphanumeric). Only
allow that user to log in via SSH.
3. give root a password of similar complexity.

Doing just these three will ensure that not only will no-one ever be
likely to get in via SSH, but you will be able to SSH in from anywhere
from any computer.

Furthermore, when doing any work with firewalls or ssh on a remote
server, you must *always* have more than one SSH shell open. Don't close
the last shell until you have tested your changes and are confident you
won't lock yourself out.
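
An added example, not part of the original post: a shell check that an sshd_config enforces steps 1 and 2 above, meant to be run from a second shell before the last session is closed. It assumes the whitespace-separated "Keyword value" form and no Include files; the account name sshlogin_x7 and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config for steps 1 and 2 of the post.
# Assumptions: "Keyword value" form, no Include files; only the global
# section (before the first Match block) is checked.

# Print every global value of KEYWORD ($2) in FILE ($1), one per line.
global_values() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/         { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # global section ends here
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# audit_sshd_config FILE LOGIN_USER: returns 0 only if both steps hold.
audit_sshd_config() {
    rc=0
    # sshd uses the first value it reads for a keyword; later lines are ignored.
    root=$(global_values "$1" PermitRootLogin | head -n 1 | tr 'A-Z' 'a-z')
    # Treat all AllowUsers lines together so a stray extra entry is caught.
    allow=$(global_values "$1" AllowUsers | tr '\n' ' ' | sed 's/ *$//')
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', want 'no'"; rc=1
    fi
    if [ "$allow" != "$2" ]; then
        echo "FAIL: AllowUsers is '${allow:-unset}', want only '$2'"; rc=1
    fi
    return "$rc"
}

# Constructed sample configs; sshlogin_x7 is a hypothetical account name.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/good" <<'EOF'
# constructed sample
permitrootlogin no
AllowUsers sshlogin_x7
EOF
cat > "$SAMPLES/bad" <<'EOF'
PermitRootLogin yes
PermitRootLogin no
AllowUsers sshlogin_x7 backup
Match User backup
    PermitRootLogin no
EOF

audit_sshd_config "$SAMPLES/good" sshlogin_x7 && echo "good: OK"
audit_sshd_config "$SAMPLES/bad"  sshlogin_x7 || echo "bad: rejected"
```

On a real server, point the function at the edited config and also run `sshd -t`, which checks the file for syntax errors, before reloading the daemon.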