centos6.5 SSH Security optimization, modify the default port name, disable root telnet

First, modify the default port number

The first step:

Vi/etc/sysconfig/iptables

Add the configuration of the modified port number

-A input-p tcp-m state--state new-m TCP--dport 22001-j ACCEPT

In this example, 22001 ports are used

Save the configuration and restart the firewall after adding.

Service Iptables Save (save firewall configuration)
Service iptables Restart (restart firewall)

----can see if a success has been added through the/etc/init.d/iptables status command.

Step Two:

Vi/etc/ssh/sshd_config

Remove the # comment symbol before Port 22

Add Port 22001

Restart SSH service after saving

Service sshd Restart

The third step: Use the SECURECRT and other SSH connection tool test, test successfully delete the 22 port firewall configuration and port settings.

The port number is not modified directly to prevent errors during the modification process, resulting in the inability to connect to the server.

----------------------------------------

I encountered the problem: the beginning of my new port number is 2201, but how to reboot can not connect, and then changed to 220001 to succeed, the specific reason is not known.

With the range of Sysctl-a|grep Ip_local_port_range, 2201 should be allowed to be used, the actual unsuccessful, pending further study.

Second, prohibit the root user remote login

First step: Add a user with normal permissions first

#useradd Ssh_user
#passwd Ssh_user

Set Password, Confirm password

Step Two: Disable root remote SSH login:

Vi/etc/ssh/sshd_config
Put
Permitrootlogin Yes
Switch
Permitrootlogin No

Save and restart the SSH service

Service sshd Restart (or/etc/init.d/sshd restart)

Log in with the normal user ssh_user and then switch to root using the SU root operation.

centos6.5 SSH Security optimization, modify the default port name, disable root telnet