SSH configuration in Linux

SSH configuration in Linux

 

SSH is a common method for logging on to a Linux server. However, for security considerations, we sometimes need to perform some special processing on SSH. This article records some of the changes I have made for your reference.

1. Modify the ssh port

SSH uses port 22 by default. to change it to another port, modify/Etc/ssh/sshd_configFile

# Port 22

Comment out, modify it to the required port (such as 8888), and then run the following command to restart the SSH service:

Service sshd restart

2. Disable the remote SSH logon permission of the root user

If you do not want the root user to log on remotely, follow these steps: VI/etc/ssh/sshd_config Set # Permitrootlogin Yes Comment out, change Yes to no, and restart the SSH service (reboot is recommended here)

3. Disable remote logon for certain users

1. Modify/etc/PAM. d/sshd

Add a line after # % PAM-1.0:

Auth required pam_listfile.so item = user sense = allow file =/etc/ssh_users onerr = fail

2. Enable user remote Logon (for example, allow remote logon to CHB ):

Echo CHB>/etc/ssh_users

3. Disable remote Logon:

Rm-RF/etc/ssh_users

In the above example, the file is simply deleted. In fact, if a user is not allowed to log on, delete the user from the ssh_users file.