Configure SSH in cybersecurity Series 25

Remote Management of Windows Servers mostly relies on remote desktop, while remote management of Linux servers mostly relies on SSH.

The full name of SSH is secure shell, which replaces the previous Telnet Remote logon tool. The biggest feature of SSH is that users can encrypt all transmitted data, so that even if hackers in the network can hijack the data transmitted by users, it cannot pose a real threat to data transmission. In addition, ssh data transmission is compressed to speed up transmission. This is why SSH can replace Telnet Remote logon.

In RHEL, the SSH service is a software named OpenSSH, and the service process name is sshd. By default, the software has been installed and the service has been started.

[[Email protected] ~] #Service sshd status Openssh-daemon (PID 3004) is running...

The default port number of SSH is TCP 22, and the configuration file is/etc/ssh/sshd_config.

Common configuration items in the configuration file include:

650) This. width = 650; "style =" border-bottom: 0px; border-left: 0px; border-top: 0px; border-Right: 0px; "Title =" image "border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201411/5/70821_1415228621bOIM.png "Height =" 187 "/>

• Port 22: Specifies the listening port number;

• Listenaddress: Specifies the IP address of the listener;

• Permitrootlogin: whether to allow the root user to log on remotely using SSH. Default Value: allow. To enhance security, you can set this parameter to yes. In this way, the administrator can only log on through a common user and then run the Su-command to switch to the root user.

• Permitemptypasswords: whether to allow remote logon by a user with an empty password. The default value is no.

• Logingracetime: limits the time of the User Logon verification process. The default value is 2 MB, 2 minutes.

• Maxauthtries: Limit the maximum number of user retries during logon. The default value is 6.

In addition, you can manually add the following settings in the configuration file:

650) This. width = 650; "style =" border-bottom: 0px; border-left: 0px; border-top: 0px; border-Right: 0px; "Title =" image "border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201411/5/70821_1415228621y6N5.png "Height =" 66 "/>

• Denyusers: Deny logon to a specified user. All Users except the specified user are allowed.

• Allowusers: allows only the specified user to log on. All Users except the specified user are rejected. [Email protected] indicates that only the admin user is allowed to log on from a client with the IP address 61.23.24.25.

Note: denyusers and allowusers cannot be used at the same time.

This article is from the "one pot of turbidity wine" blog. For more information, please contact the author!

Configure SSH in cybersecurity Series 25