Last week, the RedHatEnterpriseLinux server was attacked by a Romanian hacker through the ssh service on port 22. After the server was reinstalled, the port had to be changed, so the operation was performed, this operation is obtained from the network's predecessors. There are two ways to modify it. I used the second method, and the result showed that it is feasible: 1) If you want to change the SSH default port (22), then modify: in/etc/ssh/sshd_config, set Port22 to the port you want.
Last week, the Red Hat Enterprise Linux server was attacked by a Romanian hacker through the ssh service on port 22. After the port was reinstalled, the hacker had to change the port, so he performed the operation, this operation is obtained from the network's predecessors. There are two ways to modify it. I used the second method and the result shows that it is feasible:
I:
1) modify the SSH default port (22:
Port 22 in/etc/ssh/sshd_config. Change 22 to the Port you want to set.
2) If you want to restrict the SSH Login IP address, you can do the following:
I) Modify/etc/hosts. deny and add sshd: ALL
Ii) Modify/etc/hosts. allow and perform the following settings: sshd: 102.198.100.241
In this way, only the 102.198.100.241 IP address is logged on to the Linux machine through SSH.
II:
1) modify the configuration file
Vi/etc/ssh/sshd_config
Find the section # Port 22, which indicates that Port 22 is used by default and changed to the following:
Port 22
Port 49999
Save and exit
2) run/etc/init. d/sshd restart.
In this way, the SSH port will work on both 22 and 49999.
3) edit the firewall configuration: vi/etc/sysconfig/iptables
4) enable port 50000.
Run/etc/init. d/iptables restart
Now, use the ssh tool to connect to port 49999 to test whether the connection is successful. If the connection is successful, edit the settings of sshd_config again and delete Port22.
The reason for setting two ports first and then disabling one after the test is successful is to prevent unknown situations such as disconnection, network disconnection, and misoperation during the conf modification process, you can also connect to the debugging through another port to avoid the need to send people to the data center if the connection fails, making the problem more complicated and troublesome.