Configure SSH in cybersecurity Series 25

Source: Internet
Author: User

Remote management of Windows servers mostly relies on Remote Desktop, while remote management of Linux servers mostly relies on SSH.

SSH stands for Secure Shell, and it replaces the older Telnet remote logon tool. Its most important feature is that it encrypts all transmitted data, so even if an attacker on the network intercepts the traffic, the interception poses no real threat to the data being transmitted. In addition, SSH can compress the data it transmits, which speeds up transmission. This is why SSH has replaced Telnet for remote logon.

In RHEL, the SSH service is provided by the OpenSSH software, and the service process is named sshd. By default, the software is already installed and the service is already started.

# service sshd status

openssh-daemon (pid 3004) is running...

The default port number of SSH is TCP 22, and the configuration file is /etc/ssh/sshd_config.

Common configuration items in the configuration file include:


  • Port 22: specifies the listening port number.

  • ListenAddress: specifies the IP address that the service listens on.

  • PermitRootLogin: whether to allow the root user to log on remotely over SSH. The default is to allow it. To enhance security, set this parameter to no, so that the administrator can only log on as an ordinary user and then run su - to switch to the root user.

  • PermitEmptyPasswords: whether to allow remote logon by a user with an empty password. The default value is no.

  • LoginGraceTime: limits the time allowed for the user logon authentication process. The default value is 2m, that is, 2 minutes.

  • MaxAuthTries: limits the maximum number of authentication retries during logon. The default value is 6.

In addition, you can manually add the following settings in the configuration file:


  • DenyUsers: denies logon to the specified users. All users except the specified users are allowed.

  • AllowUsers: allows only the specified users to log on. All users except the specified users are rejected. The entry admin@61.23.24.25 indicates that only the admin user is allowed to log on from a client with the IP address 61.23.24.25.

Note: DenyUsers and AllowUsers cannot be used at the same time.
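
An added example, not part of the original article: a small Python audit of the directives described above. It assumes sshd's rule that the first occurrence of a keyword wins, takes its defaults from the article, and reads only the global section (it stops at the first Match block); the thresholds and sample configurations are constructed for illustration.

```python
import re

# Defaults as stated in the article; other OpenSSH versions differ.
PAGE_DEFAULTS = {"permitrootlogin": "yes", "permitemptypasswords": "no",
                 "logingracetime": "2m", "maxauthtries": "6"}
LIST_KEYWORDS = {"allowusers", "denyusers"}  # repeated lines accumulate
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_sshd_config(text):
    """Effective global settings: case-insensitive keywords, first value wins."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":  # conditional blocks are out of scope here
            break
        if key in LIST_KEYWORDS:
            cfg.setdefault(key, []).extend(value.split())
        else:
            cfg.setdefault(key, value)  # later duplicates are ignored
    return cfg

def seconds(value):
    """Convert an sshd time value such as 120, 2m or 1h30m to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value.lower()))

def audit(text):
    """Return findings for the settings the article covers (assumed thresholds)."""
    cfg = {**PAGE_DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if cfg["permitrootlogin"].lower() == "yes":
        findings.append("PermitRootLogin yes: root can log on directly")
    if cfg["permitemptypasswords"].lower() == "yes":
        findings.append("PermitEmptyPasswords yes: empty passwords accepted")
    grace = seconds(cfg["logingracetime"])
    if grace == 0 or grace > 120:
        findings.append("LoginGraceTime is unlimited or above 2 minutes")
    if int(cfg["maxauthtries"]) > 6:
        findings.append("MaxAuthTries above 6")
    if not cfg.get("allowusers") and not cfg.get("denyusers"):
        findings.append("no AllowUsers/DenyUsers: any account may attempt logon")
    return findings

# Constructed sample configurations (not from the article).
WEAK = "permitrootlogin yes\nPermitRootLogin no\nLoginGraceTime 5m\n"
HARDENED = ("PermitRootLogin no\nLoginGraceTime 1m\nMaxAuthTries 3\n"
            "AllowUsers admin@192.0.2.10\n")
```

In WEAK the later "PermitRootLogin no" line has no effect because the earlier "yes" is the value sshd uses, which is the kind of mistake a quick visual check of the file tends to miss.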

This article is from the "one pot of turbidity wine" blog. For more information, please contact the author!
