Modify OpenSSH and port 22 in CentOS

Modify OpenSSH and port 22 in CentOS

OpenSSH, port 22, and internal sensitive services are open to the outside world, which may cause security problems. Baidu webmaster college recommends that you modify them! To modify the OpenSSH port 22, use the following two methods:

First: 01 if you want to change the default Port (22) of Linux SSH, you only need to modify Port 22 in/etc/ssh/sshd_config, change 22 to the port you want to set here, but do not set the same as the existing port to avoid unknown consequences.

02 if you want to restrict the SSH Login IP address, you can do the following:

First: Modify/etc/hosts. deny and add sshd: ALL

Then, modify:/etc/hosts. allow and set sshd: 192.168.0.241 as follows:

In this way, only the IP address 192.168.0.241 can be bound to log on to the LINUX machine through SSH. Of course, as a server, I do not install gnome or KDE, and many things do not, which increases the security factor.

Second: First modify the configuration file vi/etc/ssh/sshd_config

Find the section # Port 22, which indicates that Port 22 is used by default and changed to the following:

Port 22 Port 50000 and save and exit

Execute the/etc/init. d/sshd restart command so that the SSH port will work with both 22 and 50000.

Now edit the firewall configuration: vi/etc/sysconfig/iptables

Port 50000 is enabled. Run/etc/init. d/iptables restart

Now, use the ssh tool to connect to port 50000 to test whether the connection is successful. If the connection is successful, edit the settings of sshd_config again and delete Port22.

The reason for setting two ports first and then disabling one after the test is successful is to prevent unknown situations such as disconnection, network disconnection, and misoperation during the conf modification process, you can also connect to the debugging through another port to avoid the need to send people to the data center if the connection fails, making the problem more complicated and troublesome. You won't modify it. Don't test it.