1. Modify SSH default port
Edit the configuration file:

    vi /etc/ssh/sshd_config

Change the line "#Port 22" to the following:

    Port 22
    Port 888

Restart the SSH service:

    /etc/init.d/sshd restart
SSH now listens on both port 22 and port 888.
Edit the firewall configuration:

    vi /etc/sysconfig/iptables

Enable port 888 by adding this rule:

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 888 -j ACCEPT

Restart the firewall:

    /etc/init.d/iptables restart
You can now use an SSH client to connect to port 888 to test for success. If the connection succeeds, edit sshd_config and the firewall configuration again, remove port 22 from both, and then restart the SSH service and the firewall.
2. Prevent root remote Login
Add a user with normal permissions first:

    useradd phpha_com
    passwd phpha_com

Prevent root remote SSH logon by editing the configuration file:

    vi /etc/ssh/sshd_config

Change

    PermitRootLogin yes

to

    PermitRootLogin no

Restart the sshd service:

    service sshd restart
For remote administration, log in as the normal user phpha_com and then use "su root" to switch to root to get maximum privileges.
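As an added example (not part of the original article), the following script checks an sshd_config file for the two changes above: whether port 22 is still listed and whether PermitRootLogin is set to no. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config file
# for the Port and PermitRootLogin changes described above.

# List every Port value; sshd listens on all of them.
sshd_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port"  { printf "%s%s", sep, $2; sep = " " }' "$1"
}

# Global PermitRootLogin value. sshd keeps the first occurrence of a
# keyword, and lines after a "Match" line are conditional, so stop there.
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Return 0 only when port 22 is gone and root login is disabled.
audit_sshd() {
    ports=$(sshd_ports "$1"); root=$(sshd_root_login "$1"); rc=0
    case " ${ports:-22} " in
        *" 22 "*) echo "WARN: port 22 still open (ports: ${ports:-default 22})"; rc=1 ;;
    esac
    if [ "$root" != "no" ]; then
        echo "WARN: PermitRootLogin is '$root', expected 'no'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: ports=$ports PermitRootLogin=$root"; fi
    return "$rc"
}

# Constructed sample: the intermediate state from step 1, before port 22
# is removed and before step 2 is applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 22
Port 888
#PermitRootLogin yes
PermitRootLogin yes
EOF
audit_sshd "$sample" || true   # prints two WARN lines for this sample
rm -f "$sample"
```

On a real server, pass /etc/ssh/sshd_config to audit_sshd after finishing steps 1 and 2; a non-zero return means port 22 or root login is still enabled.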
3. Restrict SSH login IP address
<1> Add the IP address that is allowed access

Edit the allow file:

    vi /etc/hosts.allow

Add this line:

    sshd:115.183.13.130
<2> Prohibit all other IP addresses

Edit the deny file:

    vi /etc/hosts.deny

Add this line:

    sshd:ALL