SSH General purpose
Provide shell to resolve Telnet unsecured transfer
1. Modify the default SSH default port
Vi/etc/ssh/sshd_config
Restart after modification
>systemctl Restart sshd
SSH security and configuration best practices
1, configuration root cannot shh login
> Vi/etc/ssh/sshd_config
After the configuration is complete, restart the SSH service
The connection does not take effect, prompting to reject the password
2. SSH access control (restricted network segment)
Vi/etc/hosts.deny
Reject All
Connection not on
Deny 192.168.1 network segment SSH
This way, only 2 network segments are rejected, so you can connect
3. SSH access Control (limited account)
Vi/etc/ssh/sshd_config
Restrict test and Root login
4, SSH only applicable agreement 2
Vi/etc/ssh/sshd_config
Remove comments, need to restart, only support SSH protocol 2, does not support 1
5. SSH password error number and limit null password
Vi/etc/ssh/sshd_config
Restart Service
6. SSH Restricted Intranet Login
This will only 130ssh log in.
Configuring SSH identity Authentication
Vi/etc/ssh/sshd_config
Systemctl Restart sshd
1. Using public and private keys
Ssh-keygen-t RSA (This is the case with test)
Enter------------password------Confirm password
The first file is a private key
The second file is a public key
Upload test's private key to Test1.
Ssh-copy-id
Enter the test1 password
Successfully uploaded
Switch to Test1
Cd. SSH
Ll
The private key of test was found
At this time we use test to go to the user login test1, need to enter a password, not test1 password
Turn from
It Essentials Linux security Koriyuki SSH usage, security, identity authentication, and configuration ...
http://www.toutiao.com/i6468624808778138125/
It Essentials Linux security Koriyuki SSH usage, security, identity authentication and configuration ... "Go"