Modify SSH default port | restrict SSH logon IP addresses | disable ROOT remote logon

Modify SSH default port | restrict SSH logon IP addresses | disable ROOT remote logon

1. modify the default SSH Port

 
 

  
  
// Modify the configuration file
  
  
Vi/etc/ssh/sshd_config
  
  
// Modify # Port 22 as follows:
  
  
Port 22
  
  
Port 888
  
  
// Restart the SSH service
  
  
/Etc/init. d/sshd restart
 
 

In this way, SSH ports 22 and 888 are valid at the same time.

 
 

  
  
// Modify the firewall configuration
  
  
Vi/etc/sysconfig/iptables
  
  
// Enable Port 888
  
  
-A RH-Firewall-1-INPUT-m state -- state NEW-m tcp-p tcp -- dport 888-j ACCEPT
  
  
// Restart the firewall
  
  
/Etc/init. d/iptables restart
 
 

Now you can use the SSH tool to connect to Port 888 to test whether the connection is successful. If the connection is successful, edit the sshd_config settings and the firewall port, delete Port22, and restart the ssh service and firewall access rules.

[Tianya PHP blog]-[http://blog.phpha.com]

2. remote ROOT login prohibited

 
 

  
  
// Add a user with normal permissions first
  
  
Useradd phpha_com
  
  
Passwd phpha_com
  
  
// Disable ROOT remote SSH login
  
  
Vi/etc/ssh/sshd_config
  
  
// Modify
  
  
PermitRootLogin yes
  
  
// Change
  
  
PermitRootLogin no
  
  
// Restart the sshd service
  
  
Service sshd restart
 
 

Remote Management: log on to phpha_com as a common user. Then, use su root to switch to the root user and obtain the highest permission.

[Tianya PHP blog]-[http://blog.phpha.com]

3. restrict SSH logon IP addresses

<1> add IP addresses allowed for access

 
 

  
  
vi /etc/hosts.allow
  
  
sshd: 115.183.13.130
 
 

<2> disable all other IP addresses

 
 

  
  
vi /etc/hosts.deny
  
  
sshd: ALL