Change the SSH port, restrict logon by IP address, and disable remote root logon

Source: Internet
Author: User

Today I want to share how to change the default SSH port on Linux, how to restrict logon to a specified IP address, and how to prevent the root user from logging on to the server remotely.

1. Modify the default SSH port

The code is as follows:

# Edit the configuration file
vi /etc/ssh/sshd_config
# Change the line "#Port 22" to the following two lines:
Port 22
Port 888
# Restart the SSH service
/etc/init.d/sshd restart

With both lines in place, sshd accepts connections on ports 22 and 888 at the same time.

The code is as follows:

# Edit the firewall configuration
vi /etc/sysconfig/iptables
# Open port 888
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 888 -j ACCEPT
# Restart the firewall
/etc/init.d/iptables restart

Now use an SSH client to connect to port 888 and test whether the connection succeeds. If it does, edit sshd_config and the firewall configuration again, delete Port 22, and restart the SSH service and the firewall so the new access rules apply.

2. Disable remote root login

The code is as follows:

# Add a user with normal permissions first
useradd phpha_com
passwd phpha_com
# Disable remote SSH login for root
vi /etc/ssh/sshd_config
# Find the line:
PermitRootLogin yes
# and change it to:
PermitRootLogin no
# Restart the sshd service
service sshd restart

For remote management, log on as the ordinary user phpha_com. Then use su root to switch to the root user and obtain the highest permission.
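
To check the end state of steps 1 and 2 before closing your existing session, the shell functions below read an sshd_config and report whether port 22 is still configured and which PermitRootLogin value actually takes effect. This is an added example, not code from the original article; sshd_values and audit_sshd are hypothetical helper names, and Include directives are not followed.

```shell
#!/bin/sh
# Added example: audit sshd_config for the end state of steps 1 and 2.
# sshd_values and audit_sshd are hypothetical helper names.

# Print every global value of KEYWORD (given in lower case) found in FILE,
# lower-cased, in file order. Keywords are case-insensitive, lines starting
# with '#' are comments, and everything after the first "Match" line is
# conditional, so scanning stops there.
sshd_values() {
    awk -v key="$1" '
        $1 ~ /^#/               { next }
        tolower($1) == "match"  { exit }
        tolower($1) == key      { print tolower($2) }
    ' "$2"
}

# Print one PASS/FAIL line per check; the exit status is the number of FAILs.
audit_sshd() {
    cfg=$1
    fails=0

    # Port may appear several times and sshd listens on every one of them.
    # With no Port line at all, sshd uses its default, 22.
    ports=$(sshd_values port "$cfg" | tr '\n' ' ')
    [ -n "$ports" ] || ports="22 "
    case " $ports" in
        *" 22 "*) echo "FAIL port 22 is still configured (ports: $ports)"
                  fails=$((fails + 1)) ;;
        *)        echo "PASS port 22 is not configured (ports: $ports)" ;;
    esac

    # For PermitRootLogin the first value in the file wins, so a
    # "PermitRootLogin no" appended below an existing "yes" has no effect.
    root=$(sshd_values permitrootlogin "$cfg" | head -n 1)
    case "$root" in
        no) echo "PASS PermitRootLogin no" ;;
        "") echo "FAIL PermitRootLogin not set; default depends on the OpenSSH version"
            fails=$((fails + 1)) ;;
        *)  echo "FAIL effective PermitRootLogin is '$root'"
            fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# When run as a script with a path argument, audit that file, e.g.:
#   sh audit_sshd.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then audit_sshd "$1"; fi
```

Run it after each edit of sshd_config; a FAIL on port 22 is expected during the transition in step 1, while both ports are still open.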

3. Restrict SSH logon IP addresses

<1> Add the IP addresses that are allowed access

The code is as follows:

vi /etc/hosts.allow
sshd: 115.183.13.130

<2> Deny all other IP addresses

The code is as follows:

vi /etc/hosts.deny
sshd: ALL

The hosts.allow and hosts.deny files take effect only when sshd is built with TCP wrappers (libwrap) support.
