First modify the configuration file ssh Port change method
Vi/etc/ssh/sshd_config
Find #Port 22 This sentence, here is the identity by default use 22 port, modified to the following:
Port 22 does not remove number 22nd because no new port number is determined to be used properly
Port 888
And then save the exit
Perform/etc/init.d/sshd restart reboot SSH service
This way the SSH port will work concurrently with 22 and 800.
Edit firewall configuration now: Vi/etc/sysconfig/iptables
Enable port 800 (copy 1 22 port code and change 22 to 888).
Perform/etc/init.d/iptables restart reboot Firewall service
Next use Putty to 888 port landing, if normal, you can put the SSH configuration file in the port 22 deleted, remove and restart SSH service, you can.
The next step is to prevent the root user from logging in remotely
Also, before you prohibit the root user from logging in, add an ordinary user, such as User1,
Add User1 user #useradd user1
#passwd User1 set User1 user's password
Then log in with the new user, and then execute the SU root terminal will require you to enter the root user's password, if correct, you can switch to the root permissions for higher privileges of the operation.
When all of the above steps are normal, you can start to disable root logging, or modify this configuration file Vi/etc/ssh/sshd_config
Find #permitrootlogin Yes, remove the previous # annotation and change Yes to No, save and exit.
Then restart the SSH service.
When you use the root user to log in, you will be rejected.
to enhance security
Add a user with normal permissions first:
#useradd Uploader
#passwd Uploader
Set Password
The production machine prohibits root remote SSH logon:
#vi/etc/ssh/sshd_config
Put
Permitrootlogin Yes
To
Permitrootlogin No
Restart the sshd service
#service sshd Restart