1. ① use ls-l/etc/init. d/sshd command to view sshd service ② view sshd process through ps-ef | grepsshd Command 2. one difference between ssh_config and sshd_config represents a local client and a server: 3. use ll/etc/ssh/s
1.
① Run the ls-l/etc/init. d/sshd command to view the sshd service.
② Run the ps-ef | grep sshd command to view the sshd process.
2. the difference between ssh_config and sshd_config indicates that the local client represents the server:
3. run the ll/etc/ssh/sshd_config command to view the sshd configuration file:
4. before modifying the configuration file, back up the file in the format of host name time and date. here, back up/etc/ssh/sshd_config to/etc/ssh/sshd_config.you.20160222.
5. run the set nu command in vi command mode to set the row number:
6. modify the configuration file as follows:
A. change "yes" of useDNS to "no:
B. convert the original listening address 0.0.0.0 to the intranet IP address 192.168.65.130:
After modifying the listening address, the sshd service only accepts or only uses 192.168.65.130 as the valid ip address:
C. change "yes" to "no" for disabling root remote connection:
D. search for GSSAuthentication and change the default yes value to no:
F. modify the port number to change the original remote connection port 22 to 52113:
7. modify the sshd configuration in batches:
A. directly paste the configuration to be modified into/etc/ssh/sshd_config (it seems that the level of no is more advanced ?)
B. use the sed command for batch modification: sed-ir '13 iport 52113 \ nPermitRootLogin no \ nPermitEmptyPasswds no \ nUseDNS no \ nGSSAPIAuthentication no 'sshd_config
8. compare the differences between the original file and the modified file:
1. use the diff command:
2. use the vimdiff command (more powerful and highlighted ):
9. restart the sshd service through the/etc/init. d/sshd restart and/etc/init. d/sshd reload commands to make the configuration take effect:
10. Dos may occur after the configuration file has been modified:
Apparently, because the previous port number was changed from 22 to 52113, but the session options of the fast connection of SecureCRT were not changed, it does not match the natural connection:
After the modification, you can log on again and find that you can connect again:
If the port is modified, the connection that logs in with the port before modification is still active and the connection fails once it is logged out: