SSH configuration in Linux
SSH is a common way to log on to a Linux server. For security reasons, however, we sometimes need to apply some extra configuration to SSH. This article records some of the changes I have made, for your reference.
1. Modify the ssh port
SSH uses port 22 by default. To change it to another port, edit the file /etc/ssh/sshd_config. Find the line
# Port 22
remove the leading # to uncomment it, change 22 to the required port (such as 8888), and then run the following command to restart the SSH service:
service sshd restart
2. Disable the remote SSH logon permission of the root user
If you do not want the root user to log on remotely, follow these steps:
vi /etc/ssh/sshd_config
Find the line
# PermitRootLogin yes
remove the leading # to uncomment it, change yes to no, and restart the SSH service (reboot is recommended here).
3. Disable remote logon for certain users
1. Modify /etc/pam.d/sshd
Add a line after #%PAM-1.0:
auth required pam_listfile.so item=user sense=allow file=/etc/ssh_users onerr=fail
2. Enable remote logon for a user (for example, allow remote logon for chb):
echo chb > /etc/ssh_users
3. Disable remote logon:
rm -rf /etc/ssh_users
In the above example, the file is simply deleted. In practice, if a particular user should no longer be allowed to log on, delete that user from the ssh_users file.
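A read-only check of the three settings above, as an added example that is not part of the original article. The function names sshd_value and audit_ssh are made up here, and the file paths are passed as arguments (on a real host, /etc/ssh/sshd_config and /etc/pam.d/sshd). It also reports the case where the allowlist file is missing or empty, which with onerr=fail blocks every user.

```sh
#!/bin/sh
# Added example (not from the article): audit the three settings above.
# File paths are arguments so the checks can be run on copies first.

# Effective global value of an sshd_config keyword: the first uncommented
# occurrence is used, and lines after a Match block are not global.
# (Port may be repeated in sshd_config; only the first one is checked here.)
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = $2; exit }
        END { print (val == "" ? def : val) }' "$1"
}

# Print one finding per line; print nothing when all three settings hold.
audit_ssh() {  # usage: audit_ssh SSHD_CONFIG PAM_SSHD_FILE
    if [ "$(sshd_value "$1" Port 22)" = 22 ]; then
        echo "Port: still the default 22"
    fi
    if [ "$(sshd_value "$1" PermitRootLogin unset)" != no ]; then
        echo "PermitRootLogin: not explicitly set to no"
    fi
    list=$(sed -n 's/^[[:space:]]*auth[[:space:]].*pam_listfile\.so.*[[:space:]]file=\([^[:space:]]*\).*/\1/p' "$2" | head -n 1)
    if [ -z "$list" ]; then
        echo "PAM: no pam_listfile allowlist configured"
    elif [ ! -s "$list" ]; then
        echo "PAM: $list is missing or empty, so onerr=fail locks out every user"
    fi
    return 0
}

# Constructed sample input: a config still at its defaults, plus the PAM
# line from section 3 pointing at an allowlist that does not exist yet.
demo=$(mktemp -d)
printf '%s\n' '# Port 22' '# PermitRootLogin yes' > "$demo/sshd_config"
printf '%s\n' '#%PAM-1.0' \
    "auth required pam_listfile.so item=user sense=allow file=$demo/ssh_users onerr=fail" \
    > "$demo/pam_sshd"
audit_ssh "$demo/sshd_config" "$demo/pam_sshd"   # reports all three findings
rm -rf "$demo"
```

After editing sshd_config, running sshd -t checks the file for syntax errors before the service is restarted.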