Some regulations on ssh

Source: Internet
Author: User
A public network is a public network. Since I put the server on the public network and enabled SSH remotely for maintenance and management, we can see from the monitoring screen that there have never been any friends from Latvia, Liaoning, and India visiting my server. Sometimes, for the convenience of failover, SSH login as root with a high-strength password is enabled. When I went in and looked at syslog tonight, a friend from Liaoning had visited me! It is necessary to strengthen security awareness and immediately take the following measures:

Security requirements

1. Change the original root password as the root user.
   Original root password: ***
   Root password after the change: *********
   root # passwd

2. Prohibit direct login as root. Edit the configuration file with vi /etc/ssh/sshd_config:

   1. Change the default port. The default Port is 22 and the line is commented out. Remove the comment marker and change it to another port. Here the original default port 22 was changed to 8975.

   2. Prohibit remote login as root. PermitRootLogin defaults to yes and the line is commented out. Remove the comment marker and change it to no. Create a user for remote login (user: *****, password: *********), log in as that user, and then switch to root.

   3. PermitEmptyPasswords no. Users with an empty password are not allowed to log in.

   4. Restrict which users can log in. Edit the file (vi /etc/ssh/sshd_config) and add a line at the end, where me is the permitted user:
      AllowUsers me
      For multiple users:
      AllowUsers a B C
      Note that the names are separated by spaces, not semicolons.

   5. Limit the number of password attempts. Edit the file (vi /etc/ssh/sshd_config) and set:
      MaxAuthTries 3

After you have completed these steps, restart the sshd service. That is a little better!
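A check for the five sshd_config settings listed above, as an added example that is not part of the original article. The function name, messages and both sample configurations are constructed for illustration; it assumes a single file with whitespace-separated keywords and does not follow Include or Match directives.

```shell
#!/bin/sh
# Added example: audit an sshd_config (file argument or stdin) against the
# five settings from the article. Prints one FAIL line per finding and
# returns non-zero if there is any finding.
audit_sshd_config() {
    awk '
        function fail(msg) { print "FAIL " msg; bad = 1 }
        # A commented-out keyword means the built-in default applies,
        # not the value shown in the comment.
        NF == 0 || $1 ~ /^#/ { next }
        {
            key = tolower($1)              # sshd keywords are case-insensitive
            if (key == "port") { ports[$2] = 1; nports++ }
            else if (key == "allowusers") allow = 1
            # For single-valued keywords sshd uses the first value it reads.
            else if (!(key in val)) val[key] = tolower($2)
        }
        END {
            if (nports == 0 || ("22" in ports)) fail("Port: still listening on default port 22")
            if (!("maxauthtries" in val) || val["maxauthtries"] + 0 > 3) fail("MaxAuthTries: unset or greater than 3")
            if (val["permitrootlogin"] != "no") fail("PermitRootLogin: not set to no")
            if (val["permitemptypasswords"] == "yes") fail("PermitEmptyPasswords: empty passwords allowed")
            if (!allow) fail("AllowUsers: no allow-list of login users")
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample: defaults left commented out, plus a late
# "PermitRootLogin no" that has no effect because the first value wins.
weak_config() { cat <<'EOF'
#Port 22
PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords no
#MaxAuthTries 6
EOF
}

# Constructed sample: the values the article ends up with.
hardened_config() { cat <<'EOF'
Port 8975
PermitRootLogin no
PermitEmptyPasswords no
AllowUsers me
MaxAuthTries 3
EOF
}

echo "== weak sample =="; weak_config | audit_sshd_config || true
echo "== hardened sample =="; hardened_config | audit_sshd_config && echo "no findings"
```

On a real host, pass the file path as the argument, for example audit_sshd_config /etc/ssh/sshd_config, before restarting sshd.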
