How to make sshd on CentOS 7 reject connections from other servers

2025-02-24 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02

This article explains how to make sshd on CentOS 7 reject connections from other servers. The method introduced here is simple, fast and practical.

1. Modify the configuration of sshd itself: default port, number of password attempts, disabling root login, client connection time, disabling DNS resolution

2. System level: hosts.allow and hosts.deny

3. PAM level

4. Other auxiliary tools

This article covers the second approach: the system-level hosts.allow and hosts.deny files.

Two files can be used to control remote access permissions.

/etc/hosts.allow controls which IP addresses may access the local host; /etc/hosts.deny controls which IP addresses are forbidden from accessing it.

If the two files conflict, /etc/hosts.allow takes precedence.
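The lookup order behind this precedence rule, as an added Python example that is not part of the original article. It models a simplified subset of hosts_access(5) matching (IPv4 only; ALL, exact address, trailing-dot prefix and net/mask; no EXCEPT or hostname patterns), and the function names and sample rules are constructed for illustration.

```python
import ipaddress

def client_matches(pattern, ip):
    """Match one IPv4 client pattern (subset of hosts_access(5))."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                 # "203.0.113." = address prefix
        return ip.startswith(pattern)
    if "/" in pattern:                        # net/mask with dotted-quad mask
        net, mask = pattern.split("/", 1)
        masked = int(ipaddress.ip_address(ip)) & int(ipaddress.ip_address(mask))
        return masked == int(ipaddress.ip_address(net))
    return pattern == ip                      # exact address

def file_matches(rules, daemon, ip):
    """True if any 'daemon_list : client_list' line matches the pair."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        # Lists are separated by blanks and/or commas; extra fields are ignored.
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(c, ip) for c in clients):
            return True
    return False

def decide(allow_rules, deny_rules, daemon, ip):
    """Search order used by TCP wrappers: allow first, then deny, else grant."""
    if file_matches(allow_rules, daemon, ip):
        return "allow (hosts.allow)"
    if file_matches(deny_rules, daemon, ip):
        return "deny (hosts.deny)"
    return "allow (no match)"

# Constructed sample rules; addresses come from the documentation ranges.
HOSTS_ALLOW = "sshd: 203.0.113.7\n"
HOSTS_DENY = """# block two networks for sshd, everyone for vsftpd
sshd: 203.0.113., 198.51.100.0/255.255.255.0
vsftpd: ALL
"""

if __name__ == "__main__":
    for daemon, ip in [("sshd", "203.0.113.7"), ("sshd", "203.0.113.8"),
                       ("sshd", "198.51.100.20"), ("sshd", "192.0.2.1"),
                       ("vsftpd", "192.0.2.1")]:
        print(daemon, ip, "->", decide(HOSTS_ALLOW, HOSTS_DENY, daemon, ip))
```

A client that matches neither file is granted access, so a deny-by-default policy needs `ALL: ALL` in hosts.deny with the permitted clients listed in hosts.allow.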

The hosts.allow and hosts.deny rules are enforced by TCP wrappers. The corresponding daemon is tcpd, and its enforcement depends on the program using the libwrap library.

In other words, hosts.allow and hosts.deny apply only to services that use the libwrap library.

Check whether a program uses libwrap

Method 1. Check for the hosts_access string

To see whether an application supports TCP wrappers, run the strings program on the binary and grep for the string hosts_access:

strings /usr/sbin/sshd | grep hosts_access

Method 2. Use ldd

ldd /usr/sbin/sshd | grep libwrap

Checking shows that xinetd, sshd and vsftpd support it, httpd does not, and Java programs such as WebLogic are out of the question.

Take sshd as an example:

$ netstat -tunlp | grep sshd

tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      17638/sshd

$ cat /etc/hosts.deny

sshd:x.x.x.x

Connecting remotely from the x.x.x.x server:

➜ ~ ssh root@xxxx.com -p 5000

ssh_exchange_identification: read: Connection reset by peer

The connection is simply rejected.

At this point, you should have a deeper understanding of how sshd on CentOS 7 rejects connections from other servers. Try it out in practice.
