CentOS Production machine Disable root remote SSH login

Method One

Many owners have a Linux host, whether it is a virtual machine or physical machine, generally we connect remotely, are used SSH (Secureshell based on the application layer and the transport layer on the basis of the security protocol).

It defaults to port 22 and can be logged on by default using root. This is very dangerous on the Internet, we can only change its default port (although it will still be detected by the port scan), disable root login, to relatively improve security.

1. Modify the SSH default port a. The command line temporarily modifies the SSH default port is 22, for security reasons, now modify the SSH port is 1433, modify the method as follows:

/usr/sbin/sshd-p 1433

B. Modify the configuration file, permanently modify

vim/etc/ssh/sshd_config# then modify to port 8888

Restart sshd

Service sshd Restart

2. Use remote connection software, port 8888, remote connection. To increase security, first add a user with normal permissions:

Useradd sshuserpasswd sshuser# Set the password, must be a complex password, write down with the book, Lest You Forget

3. The production machine prohibits root remote SSH login: #vi/etc/ssh/sshd_config

Permitrootlogin Yes

Switch

Permitrootlogin No

Restarting the SSHD service

Service sshd Restart

Remote Management log in with normal user sshuser, then switch to root user with Su root to get the highest privileges

Method two in the/etc/default/login file, add a line to the SET command:

CONSOLE =/dev/tty01

is set to take effect immediately, without rebooting. Later, the user can only login in the console (/DEV/TTY01) root to limit root telnet, but also restricts the LAN user root login, to the administrator's Daily maintenance work brings many inconvenience. Reference: http://www.2cto.com/os/201207/142420.htmlhttp://www.centoscn.com/CentosSecurity/CentosSafe/2014/0606/3104.html

CentOS Production machine Disable root remote SSH login