Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Ssh security reinforcement

2025-03-12 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

1. Do not use the default port: remove the comment "#" in front of Port 2022 and change the port to the port number you think is appropriate, assuming 2022

two。 Do not use protocol1: change to protocol 2

3. Limit the users who can log in

# whitelist AllowUsers user1 user2 user3... Set the users who are allowed to log in to the ssh server. Add the following content # blacklist to add users or rent

4. Set the idle session timeout:

CllientAliveInerval 60s specifies the time interval at which the server requests messages from the client. The default is 0 and is not sent. ClientAliveInterval 60 means that it is sent every 60 seconds, and then the client responds, thus maintaining a long connection

ClientAliveCountMax 3 means that after the server makes a request, the client does not respond to a certain number of times, it is automatically disconnected. Under normal circumstances, the client will not be unresponsive.

5. Using the firewall to set the ssh access policy only allows the specified IP scope access login iptables only allows the specified IP

6. Let ssh listen to a reliable and secure IP address instead of all local IP addresses # ListenAddress 192.168.1.1 and remove the preceding #

7. Use a strong password policy (no empty passwords)

For example, generate a random password: tr-dc A-Za-z0-9 _ > .ssh/authorized.. In the file

Note that the file permission should be 600

9. Disable administrator root direct login to PermitRootLogin no prohibit root login can use ordinary users and then sudo

10. Display the access frequency of ssh MaxAuthTries 3 you can also modify the maximum number of login attempts, for example, we change it to 3 times.

11. Do a good periodic analysis of log records: you can analyze / var/log/secure, write a script, block the source IP with iptables for a period of time and leave it blank for a period of time when successive attempts fail, and then add # * #

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Login client key password server user service address file method time times port policy analysis attempt generation authentication security vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple MySQL Huawei OPPO Reno Redmi macOS Linux Docker MariaDB vpn Apple Shulou Information Shulou Tech Info Microsoft Shulou Technology Xiaomi NVidia MySQL Huawei OPPO Reno Redmi macOS Linux Docker MariaDB vpn Apple Shulou Information Shulou Tech Info Microsoft Shulou Technology Xiaomi NVidia

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report