Change the default SSH remote login port (22) to 3333
1. Edit the firewall configuration:
vi /etc/sysconfig/iptables
Open the new port 3333 with a rule of the following form, placed next to the existing rule for port 22 (keep that one for now; both ports stay open until the new port is confirmed working):
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3333 -j ACCEPT
Specifically, the complete file then looks like this:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3333 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Note that the ACCEPT rules must come before the final REJECT on the INPUT chain; iptables stops at the first matching rule.
After that, restart the firewall for the configuration to take effect:
/etc/init.d/iptables restart
Or
service iptables restart
The firewall policy is stored in /etc/sysconfig/iptables. If there is no iptables file under /etc/sysconfig/, create one as follows:
1. Run any iptables command that sets a rule, for example the default policy for the OUTPUT chain:
iptables -P OUTPUT ACCEPT
2. Save the running rules to the file:
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
The file now exists next to the other service configurations:
ls /etc/sysconfig/
cbq htcacheclean init modules network quota_nld samba sendmail sshd console httpd iptables named network-scripts readonly-root sandbox snmpd udev crond i18n iptables-config netconsole networking rsyslog saslauthd snmptrapd xinetd
3. Restart the firewall with the service iptables restart command:
/etc/init.d/iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: raw filter mangl[ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Or
service iptables restart
(same output as above)
2. Back up the SSH server configuration file
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
(The similarly named /etc/ssh/ssh_config is the client configuration. The server reads sshd_config, and that is the only file changed below; backing up ssh_config is not an alternative.)
Modify the SSH port to 3333
vi /etc/ssh/sshd_config
Find the line #Port 22, remove the # and add Port 3333 on the line below it. sshd accepts several Port lines and listens on all of them, so during the change-over it serves both ports:
Port 22
Port 3333
On a system with SELinux enforcing (the CentOS default), sshd may only bind ports labelled ssh_port_t, so label the new port before restarting: semanage port -a -t ssh_port_t -p tcp 3333. A syntax check with sshd -t before the restart avoids taking the daemon down with a typo.
Restart:
/etc/init.d/sshd restart
Or
service sshd restart
Test the new port from a second terminal (ssh -p 3333 user@host) while keeping the current session open. Once port 3333 can be connected to normally, go back through the steps above and remove the Port 22 line from sshd_config and the --dport 22 rule from /etc/sysconfig/iptables, then restart sshd and iptables. From then on SSH can only be reached on port 3333, which keeps the host out of the bulk of automated scans against port 22. A non-standard port is obscurity rather than authentication; the settings in the following steps are what actually harden access.
3. Disable root login via SSH
vi /etc/ssh/sshd_config
Find PermitRootLogin, remove the leading # and change yes to no, so that root can no longer log in remotely:
PermitRootLogin no
Log in with a regular account instead and switch to root with su - root when root privileges are needed; every privileged session then starts from an individual user's login.
4. Restrict which users may use SSH
Suppose only root, user1 and user2 should be able to reach the system via SSH. Add an AllowUsers line to the sshd_config configuration file:
vi /etc/ssh/sshd_config
AllowUsers root user1 user2
Any account not listed is refused even with a correct password. With PermitRootLogin no from step 3 the root entry is inert and can be left out.
5. Configure an idle time-out interval
Users who log in to the server via SSH can be disconnected after a period of inactivity. Open the sshd_config configuration file and set:
vi /etc/ssh/sshd_config
ClientAliveInterval 600
ClientAliveCountMax 0
This example sets an idle time-out of 600 seconds, or 10 minutes; after that the idle user is disconnected automatically (effectively logged out). This relies on the behaviour of OpenSSH before 8.2, where ClientAliveCountMax 0 dropped the connection at the first liveness check. Since OpenSSH 8.2, ClientAliveCountMax 0 disables the check entirely, and with any other value sshd only closes sessions whose client stops answering keepalive probes, which an idle but connected client still does. On current releases, enforce an idle logout in the shell instead (for example TMOUT=600 exported from /etc/profile.d/).
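Steps 1 to 5 as one script, added here as an example and not code from the original post. The sshd_config edits are written as idempotent functions that work on any config file and can be run repeatedly; port 3333, the 600-second interval and the user names are the page's sample values, while the function names, the demo file and the choice to omit root from AllowUsers (PermitRootLogin no already blocks it) are mine.

```bash
#!/bin/bash
# Added example, not code from the original post: the sshd_config edits from
# steps 2 to 5 (second port, PermitRootLogin, AllowUsers, idle time-out) as
# idempotent shell functions that work on any config file, plus the step 1
# iptables rule. Port 3333, user1/user2 and the 600 s interval are the page's
# sample values; the function names and the demo config are my own.
set -eu

# ssh_set FILE KEY VALUE: rewrite the first "KEY ..." line, even one commented
# out with '#', to "KEY VALUE"; drop later duplicates; append when absent.
# OpenSSH keywords are case-insensitive, hence tolower(). Writing back with
# cat keeps the file's owner and mode.
ssh_set() {
    local file="$1" key="$2" value="$3" tmp
    tmp=$(mktemp)
    awk -v key="$key" -v value="$value" '
        BEGIN { lk = tolower(key); done = 0 }
        { line = $0; sub(/^[# \t]+/, "", line); split(line, f, /[ \t]+/)
          if (tolower(f[1]) == lk) { if (!done) { print key " " value; done = 1 }; next }
          print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"; rm -f "$tmp"
}

# ssh_port FILE add|del PORT: "add" keeps or uncomments one "Port PORT" line
# (appending it if none exists); "del" removes it. sshd accepts several Port
# lines, which is what lets 22 and 3333 coexist while 3333 is being tested.
ssh_port() {
    local file="$1" action="$2" port="$3" tmp
    tmp=$(mktemp)
    awk -v action="$action" -v port="$port" '
        BEGIN { done = 0 }
        { line = $0; sub(/^[# \t]+/, "", line); split(line, f, /[ \t]+/)
          if (tolower(f[1]) == "port" && f[2] == port) {
              if (action == "add" && !done) { print "Port " port; done = 1 }; next }
          print }
        END { if (action == "add" && !done) print "Port " port }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"; rm -f "$tmp"
}

# ssh_ports FILE: the ports sshd would listen on (active Port lines, in order).
ssh_ports() {
    awk 'tolower($1) == "port" { printf "%s%s", (n++ ? " " : ""), $2 } END { print "" }' "$1"
}

# ssh_get FILE KEY: effective value of KEY. sshd uses the first match, so a
# stray earlier "PermitRootLogin yes" would silently win over one added later.
ssh_get() {
    awk -v lk="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" \
        'tolower($1) == lk { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# ssh_check FILE: let sshd itself parse the file before the restart; a typo
# in sshd_config otherwise takes the daemon down with it.
ssh_check() {
    if command -v sshd >/dev/null 2>&1; then sshd -t -f "$1"
    else echo "sshd not installed here; skipping syntax check" >&2; fi
}

# fw_open PORT: step 1 as a live command (CentOS 6 iptables service). -I puts
# the rule ahead of the final REJECT; save writes /etc/sysconfig/iptables.
fw_open() {
    iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport "$1" -j ACCEPT
    service iptables save
}

# harden FILE: phase one of the page's procedure. Port 22 is kept on purpose;
# run `ssh_port FILE del 22` only after a login on 3333 has succeeded.
harden() {
    local file="$1"
    ssh_port "$file" add 22
    ssh_port "$file" add 3333
    ssh_set "$file" PermitRootLogin no
    ssh_set "$file" AllowUsers "user1 user2"   # root left out: PermitRootLogin no already blocks it
    ssh_set "$file" ClientAliveInterval 600
    ssh_set "$file" ClientAliveCountMax 0      # page's value; means "never disconnect" on OpenSSH >= 8.2
}

# Demo on a constructed scratch copy so nothing on this host changes. On the
# real box: cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak; harden
# /etc/ssh/sshd_config; ssh_check /etc/ssh/sshd_config; fw_open 3333;
# service sshd restart; then test with ssh -p 3333 from a second terminal.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp)
    printf '%s\n' '#Port 22' '#PermitRootLogin yes' 'Protocol 2' > "$demo"
    harden "$demo"
    echo "listening on: $(ssh_ports "$demo")"; cat "$demo"
    rm -f "$demo"
fi
```

Run it with --demo to see the rewritten file. The port change is deliberately split in two: harden leaves Port 22 in place, and `ssh_port FILE del 22` is the step taken only after a login on 3333 has been verified from a second terminal, which is the lock-out protection the procedure above depends on.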
6. Allow only one IP address to log in remotely
vi /etc/hosts.deny
Add the following line to it:
sshd: ALL
vi /etc/hosts.allow
Add the following line to it:
sshd: 192.168.1.1
(only the IP 192.168.1.1 is allowed to connect to the server over SSH)
hosts.allow is consulted first and a match admits the client; otherwise hosts.deny is consulted; a client matched by neither file is admitted. That last rule is why the sshd: ALL line in hosts.deny is required for the allow list to mean anything. These files are honoured only when sshd is linked against TCP wrappers (libwrap), which is the case on CentOS 6 and 7 but not on later releases; check with ldd $(which sshd) | grep libwrap, and if nothing is printed restrict the source address with an iptables rule instead.
Finally, restart the SSH service:
/etc/init.d/sshd restart
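A small model of the hosts.allow/hosts.deny decision in step 6, added here as an example rather than code from the original post, so the effect of the two lines can be checked offline before the host is locked down. It implements only the hosts_access(5) forms the page uses (daemon name or ALL; client IP, trailing-dot prefix such as 192.168.1., or ALL); netmask, hostname and EXCEPT forms are not modelled, and the addresses in the demo are constructed.

```bash
#!/bin/bash
# Added example, not from the original post: a model of how tcpd/libwrap
# decides on a connection from /etc/hosts.allow and /etc/hosts.deny, so the
# two lines from step 6 can be checked offline before locking the host down.
# Covers the hosts_access(5) forms used on this page: a daemon name or ALL,
# a client IP, a trailing-dot network prefix such as 192.168.1., and ALL.
# Netmask, hostname and EXCEPT forms are not modelled. Addresses are
# constructed sample values.
set -eu

# tcpd_match FILE DAEMON IP: succeed if a "daemon_list : client_list" line in
# FILE matches both. Lists are comma-separated; lines starting with '#' and
# blank lines are skipped, as tcpd does.
tcpd_match() {
    awk -v daemon="$2" -v ip="$3" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function matches(pat, subject) {
            pat = trim(pat)
            if (toupper(pat) == "ALL") return 1
            if (pat ~ /\.$/) return index(subject, pat) == 1   # 192.168.1. matches 192.168.1.x
            return pat == subject
        }
        function anymatch(list, subject,   i, n, items) {
            n = split(list, items, ",")
            for (i = 1; i <= n; i++) if (matches(items[i], subject)) return 1
            return 0
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            sep = index($0, ":")
            if (sep == 0) next
            if (anymatch(substr($0, 1, sep - 1), daemon) && anymatch(substr($0, sep + 1), ip)) {
                found = 1; exit
            }
        }
        END { exit !found }
    ' "$1"
}

# tcpd_access DAEMON IP ALLOWFILE DENYFILE: libwrap's order of evaluation.
# hosts.allow is consulted first and a match grants access; otherwise a
# hosts.deny match refuses it; a client in neither file is let in. That last
# rule is why step 6 needs "sshd: ALL" in hosts.deny for the allow list to
# mean anything. Prints allow or deny; exit status 0 means allow.
tcpd_access() {
    local daemon="$1" ip="$2" allow="$3" deny="$4"
    if [ -f "$allow" ] && tcpd_match "$allow" "$daemon" "$ip"; then echo allow; return 0; fi
    if [ -f "$deny" ] && tcpd_match "$deny" "$daemon" "$ip"; then echo deny; return 1; fi
    echo allow
}

# Demo with constructed files. On the real host the files are /etc/hosts.allow
# and /etc/hosts.deny, and sshd must be linked against libwrap for them to be
# read at all (check: ldd "$(command -v sshd)" | grep libwrap).
if [ "${1:-}" = "--demo" ]; then
    a=$(mktemp); d=$(mktemp)
    printf 'sshd: 192.168.1.1\n' > "$a"     # step 6 hosts.allow
    printf 'sshd: ALL\n' > "$d"             # step 6 hosts.deny
    for c in 192.168.1.1 192.168.1.2 10.0.0.5; do
        printf '%s -> %s\n' "$c" "$(tcpd_access sshd "$c" "$a" "$d")"
    done
    rm -f "$a" "$d"
fi
```

Running it with --demo shows 192.168.1.1 admitted and the other two refused. Emptying the constructed hosts.deny makes every address come back as allow, which is the mistake the model is meant to catch: an allow list without a matching deny line restricts nobody.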
Linux: change the SSH port and disable remote root login (tested on CentOS)