Disable root and SSH port change methods in Linux

Source: Internet
Author: User
Tags ssh iptables port number ssh port firewall

First modify the configuration file ssh Port change method

Vi/etc/ssh/sshd_config

Find #Port 22 This sentence, here is the identity by default use 22 port, modified to the following:

Port 22 does not remove number 22nd because no new port number is determined to be used properly

Port 888

And then save the exit

Perform/etc/init.d/sshd restart reboot SSH service

This way the SSH port will work concurrently with 22 and 800.

Edit firewall configuration now: Vi/etc/sysconfig/iptables

Enable port 800 (copy 1 22 port code and change 22 to 888).

Perform/etc/init.d/iptables restart reboot Firewall service


Next use Putty to 888 port landing, if normal, you can put the SSH configuration file in the port 22 deleted, remove and restart SSH service, you can.

The next step is to prevent the root user from logging in remotely


Also, before you prohibit the root user from logging in, add an ordinary user, such as User1,

Add User1 user #useradd user1

#passwd User1 set User1 user's password


Then log in with the new user, and then execute the SU root terminal will require you to enter the root user's password, if correct, you can switch to the root permissions for higher privileges of the operation.


When all of the above steps are normal, you can start to disable root logging, or modify this configuration file Vi/etc/ssh/sshd_config

Find #permitrootlogin Yes, remove the previous # annotation and change Yes to No, save and exit.

Then restart the SSH service.

When you use the root user to log in, you will be rejected.


to enhance security

Add a user with normal permissions first:

#useradd Uploader

#passwd Uploader

Set Password

The production machine prohibits root remote SSH logon:

#vi/etc/ssh/sshd_config

Put

Permitrootlogin Yes

To

Permitrootlogin No

Restart the sshd service

#service sshd Restart

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.