1. Change the SSH remote login port to 5000
Run vi /etc/ssh/sshd_config
# Change '#Port 22' to 'Port 5000'; remove the leading # or the setting does not take effect
Port 5000
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
Run service sshd restart to restart the SSH service.
2. Add the port to the firewall
By default iptables opens only a subset of ports; to use an additional port such as 5000 you need to whitelist it in iptables.
vi /etc/sysconfig/iptables
(If the iptables file does not exist, run these commands:
# iptables -P OUTPUT ACCEPT
# service iptables save
)
Add the line -A INPUT -p tcp -m tcp --dport 5000 -j ACCEPT
As follows:
# Generated by iptables-save v1.4.7 on Fri Jul 14 21:19:06 2017
*filter
:INPUT ACCEPT [55:3250]
-A INPUT -p tcp -m tcp --dport 5000 -j ACCEPT   <- add this line
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [31:2530]
COMMIT
# Completed on Fri Jul 14 21:19:06 2017
Run service iptables restart
Check whether the port is open:
# iptables -L -n
3. Security hardening
First, add a user with normal permissions and set the password:
# useradd admin
# passwd admin
Disable root login on the server:
# vi /etc/ssh/sshd_config
#LoginGraceTime 2m
# Change 'PermitRootLogin yes' to 'PermitRootLogin no'
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
# service sshd restart
(this restarts the SSH service)
For remote management, log in as the normal user admin, then switch to the root user with su root to get the highest privileges.
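A pre-restart check for the changes above, as an added example that is not part of the original page: it confirms that the active (uncommented) Port in sshd_config is accepted by the saved iptables rules and that PermitRootLogin is no, so restarting sshd does not lock you out. The function names and the sample files are constructed for illustration; on a real host pass /etc/ssh/sshd_config and /etc/sysconfig/iptables instead.

```shell
#!/bin/sh
# Added example. Sample files below are constructed, not taken from a real host.

# Print the first active value of an sshd_config keyword (keywords are
# case-insensitive; a line starting with # is a comment and is ignored).
sshd_value() {  # usage: sshd_value KEYWORD FILE
    awk -v key="$1" '$1 ~ /^#/ { next }
        tolower($1) == tolower(key) { print $2; exit }' "$2"
}

# Succeed if the saved rules explicitly accept TCP traffic to PORT on INPUT.
iptables_allows_port() {  # usage: iptables_allows_port FILE PORT
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Return 0 only if the firewall admits the active SSH port and root login is off.
check_ssh_change() {  # usage: check_ssh_change SSHD_CONFIG IPTABLES_FILE
    port=$(sshd_value Port "$1"); port=${port:-22}   # sshd listens on 22 if unset
    root=$(sshd_value PermitRootLogin "$1")
    rc=0
    iptables_allows_port "$2" "$port" || { echo "FAIL: tcp/$port not accepted in $2"; rc=1; }
    [ "$root" = "no" ] || { echo "FAIL: PermitRootLogin is '${root:-unset}'"; rc=1; }
    return $rc
}

# Write constructed sample files into DIR (hypothetical helper for the demo).
make_samples() {
    printf '%s\n' '#Port 22' 'Port 5000' 'PermitRootLogin no' > "$1/sshd_good"
    printf '%s\n' '#Port 5000' '#PermitRootLogin no' > "$1/sshd_commented"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 5000 -j ACCEPT' \
        ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' 'COMMIT' > "$1/iptables"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for conf in sshd_good sshd_commented; do
    if check_ssh_change "$demo_dir/$conf" "$demo_dir/iptables"; then
        echo "$conf: OK to restart sshd"
    else
        echo "$conf: fix before restarting sshd"
    fi
done
```

The second sample fails both checks because its Port and PermitRootLogin lines are still commented out, so sshd would keep listening on 22 while the firewall file only admits 5000.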