1. edit the firewall configuration: vi/etc/sysconfig/iptables firewall adds new port 7022-AINPUT-mstate -- stateNEW-mtcp-ptcp -- dport7022-jACCEPT ============== ==================================## Firewallconfigu 1. edit the firewall configuration: vi/etc/sysconfig/iptables firewall adds a NEW port 7022-A INPUT-m state -- state NEW-m tcp-p tcp -- dport 7022-j ACCEPT ====== ====================================================#firewall configuration written by system -config-firewall # Manual customization This file is not recommended. * filter: input accept [0: 0]: forward accept [0: 0]: output accept [0: 0]-a input-m state -- state ESTABLISHED, RELATED-j ACCEPT-A INPUT-p icmp-j ACCEPT-A INPUT-I lo-j ACCEPT-A INPUT-m state -- state NEW-m tcp-p tcp -- dport 22-j ACCEPT-A INPUT-m state -- state NEW-m tcp-p tcp -- dport 7022-j ACCEPT-A INPUT-j REJECT -- reject-with icmp-host-prohibited-a forward-j RE JECT -- reject-with icmp-host-prohibitedCOMMIT restart the firewall to make the configuration take effect:/etc/init. d/iptables restartservice iptables restart ================================== 2. back up the ssh port configuration file cp/etc/ssh/ssh_config/etc/ssh/ssh_configbakcp/etc/ssh/sshd_config/etc/ssh/ sshd_configbak: 7022vi/etc/ssh/sshd_config add Port 7022vi/etc/ssh/ssh_config under Port # Port 22 add Port 7022 restart under Port # Port 22:/etc/init. d/sshd restartservice ss After hd restart can be normally connected through Port 7022, repeat the above steps. If Port 22 is disabled, then ssh can only be connected through Port 7022! Enhances system security. ========================================================== = /Etc/ssh/sshd_config find PermitRootLogin, change "yes" to "no" and comment "#" to cancel the preceding remarks. in this way, the root user cannot log on remotely! You can log in with a common account, use the su root command to switch to the root account ======================== ========================================================== === 4. restrict SSH access for users. suppose we only need root, users of user1 and user2 can use the system through SSH, add vi/etc/ssh/sshd_configAllowUsers rootuser1user2 ================ to the sshd_config configuration file ========================================================== ===== 5. configure the idle time-out exit interval. you can log on to the server through ssh, you can set an idle timeout interval. Open the sshd_config configuration file and set it to the following. Vi/etc/ssh/sshd_configClientAliveInterval 600 ClientAliveCountMax 0 the preceding example sets the idle timeout interval to 600 seconds, that is, 10 minutes. after this time, idle users will be automatically kicked out (it can be understood as logged out/logged out ). ========================================================== =========================================== 6. only one IP address can be remotely restricted. log on to the server vi/etc/hosts. deny # Add sshd: ALLvi/etc/hosts to it. allow # make the following settings: sshd: 192.168.1.1 # (only allow the IP address 192.168.1.1 to log on to the server remotely) and restart the ssh service:/etc/init. d/sshd restart
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
