Today, I want to share with you how to change the default SSH port on Linux, how to restrict SSH logon to a specified IP address, and how to prevent the ROOT user from logging on to the server remotely.
1. Modify the default SSH port
The code is as follows:

    # Edit the configuration file
    vi /etc/ssh/sshd_config
    # Change "#Port 22" to the following two lines:
    Port 22
    Port 888
    # Restart the SSH service
    /etc/init.d/sshd restart
In this way, SSH ports 22 and 888 are valid at the same time.
The code is as follows:

    # Edit the firewall configuration
    vi /etc/sysconfig/iptables
    # Open port 888
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 888 -j ACCEPT
    # Restart the firewall
    /etc/init.d/iptables restart
Now use an SSH tool to connect to port 888 and test whether the connection succeeds. If it does, edit sshd_config and the firewall configuration again, delete Port 22 from both, and restart the SSH service and the firewall.
2. Prohibit remote ROOT login
The code is as follows:

    # Add a user with normal permissions first
    useradd phpha_com
    passwd phpha_com
    # Disable remote SSH login for ROOT
    vi /etc/ssh/sshd_config
    # Find:
    PermitRootLogin yes
    # Change it to:
    PermitRootLogin no
    # Restart the sshd service
    service sshd restart
For remote management, log on as the normal user phpha_com. Then use su root to switch to the root user and obtain the highest permission.
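The checks from sections 1 and 2 can be scripted. The following is an added example, not part of the original article: it reads an sshd_config and reports whether port 22 is still active and which PermitRootLogin value sshd will actually use (sshd keeps the first value it reads for a keyword, so a `PermitRootLogin no` appended below an existing `yes` has no effect). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings changed in sections 1 and 2.
# Assumes whitespace-separated "Keyword value" lines; stops at the first Match block.

# Active (uncommented) Port values, space-separated, in file order.
sshd_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port"  { printf "%s%s", sep, $2; sep = " " }
         END { print "" }' "$1"
}

# Effective PermitRootLogin: sshd keeps the first value it reads for a keyword.
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Return 0 only if port 22 is closed in the config and root login is "no".
audit_sshd() {
    rc=0
    ports=$(sshd_ports "$1")
    root=$(sshd_root_login "$1")
    case " $ports " in
        "  ")      echo "WARN: no Port line, sshd falls back to port 22"; rc=1 ;;
        *" 22 "*)  echo "WARN: port 22 is still active (ports: $ports)"; rc=1 ;;
    esac
    if [ "$root" != "no" ]; then
        echo "WARN: PermitRootLogin is '$root', expected 'no'"; rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK: ports=$ports PermitRootLogin=$root"
    return "$rc"
}

# Constructed sample: step 1 before cleanup, with "no" appended instead of edited.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 22
Port 888
PermitRootLogin yes
PermitRootLogin no
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

On a live server, point `audit_sshd` at /etc/ssh/sshd_config after each restart, while the original session is still open.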
3. Restrict SSH logon IP addresses
<1> Add IP addresses allowed for access
The code is as follows:

    vi /etc/hosts.allow
    sshd: 115.183.13.130
<2> Deny all other IP addresses
The code is as follows:

    vi /etc/hosts.deny
    sshd: ALL