Related configuration file modification for SSH service in CentOS

Source: Internet
Author: User
Keywords SSH allow login
Tags authentication based centos change configuration etc file files

Here, we are not going to use the SSH service as the user's tool for uploading downloaded files. We only use SSH service to facilitate the remote management system. In addition, in the user authentication way, for the server and the user's security, prohibits the user password authentication way, but is based on "the key" the way.

Modification of SSH related configuration file

First modify the SSH configuration file. Follows:

[Root@sample ~]# vi/etc/ssh/sshd_config← with VI to open SSH profile #protocol 2,1← find this line will be the wardrobe "#" Delete, and then the end of the ", 1" delete, only allow the SSH2 way of the connection

↓protocol 2← changed to this state, using only SSH2

#ServerKeyBits 768← Find this line, remove the "#" from the beginning and change the 768 to http://www.aliyun.com/zixun/aggregation/12560.html ">1024 ↓serverkeybits 1024← changed to this state, the Serverkey strength changed to 1024 bits #permitrootlogin yes← find this line, remove the "#" at the beginning of the row, and change Yes to No↓permitrootlogin No← changed to this state, not allowed to log in with root #passwordauthentication yes← find this line, change to no↓passwordauthentication no← changed to this state, do not allow password mode of login #PermitEmptyPasswords no← found this line to remove the "#" of the wardrobe, do not allow null password login

↓permitemptypasswords no← changed to this state, no null password to log on

Then save and exit. (vi Save the Exit command for ZZ)

Because we just want SSH services to be convenient for the management system, in the case of remote management system without the extranet, only intranet clients are allowed to log on to the server via SSH to minimize unsafe factors. Set the method as follows:

[Root@sample ~]# vi/etc/hosts.deny← Modify the Mask rule to add the corresponding line at the end of the text

#

# Hosts.deny This file describes the names of the hosts abound are

# *not* even to with the local INET services, as decided

# by the '/USR/SBIN/TCPD ' server.

#

# The Portmap line is redundant, but it are left to remind

# The new secure Portmap uses Hosts.deny and Hosts.allow. In particular

# You should know that NFS uses portmap!

sshd:all← Add this line to mask all SSH connection requests [Root@sample ~]# vi/etc/hosts.allow← Modify the Allow rule to add the corresponding line at the end of the text

#

# Hosts.allow This file describes the names of the hosts abound are

# even to with the local INET services, as decided

# by the '/USR/SBIN/TCPD ' server.

#

sshd:192.168.0. ← Add this line, only allow SSH connection requests from intranet

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.