First, modify the default port number
The first step:
Vi/etc/sysconfig/iptables
Add the configuration of the modified port number
-A input-p tcp-m state--state new-m TCP--dport 22001-j ACCEPT
In this example, 22001 ports are used
Save the configuration and restart the firewall after adding.
Service Iptables Save (save firewall configuration)
Service iptables Restart (restart firewall)
----can see if a success has been added through the/etc/init.d/iptables status command.
Step Two:
Vi/etc/ssh/sshd_config
Remove the # comment symbol before Port 22
Add Port 22001
Restart SSH service after saving
Service sshd Restart
The third step: Use the SECURECRT and other SSH connection tool test, test successfully delete the 22 port firewall configuration and port settings.
The port number is not modified directly to prevent errors during the modification process, resulting in the inability to connect to the server.
----------------------------------------
I encountered the problem: the beginning of my new port number is 2201, but how to reboot can not connect, and then changed to 220001 to succeed, the specific reason is not known.
With the range of Sysctl-a|grep Ip_local_port_range, 2201 should be allowed to be used, the actual unsuccessful, pending further study.
Second, prohibit the root user remote login
First step: Add a user with normal permissions first
#useradd Ssh_user
#passwd Ssh_user
Set Password, Confirm password
Step Two: Disable root remote SSH login:
Vi/etc/ssh/sshd_config
Put
Permitrootlogin Yes
Switch
Permitrootlogin No
Save and restart the SSH service
Service sshd Restart (or/etc/init.d/sshd restart)
Log in with the normal user ssh_user and then switch to root using the SU root operation.
centos6.5 SSH Security optimization, modify the default port name, disable root telnet