Shulou(Shulou.com)06/01 Report--

This article introduces how to modify the default remote connection port in CentOS. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.

1. Edit firewall configuration: vi / etc/sysconfig/iptables

New port 7022 added to the firewall

-An INPUT-m state-- state NEW-m tcp-p tcp-- dport 7022-j ACCEPT

=

# Firewall configuration written by system-config-firewall

# Manual customization of this file is not recommended.

* filter

: INPUT ACCEPT [0:0]

: FORWARD ACCEPT [0:0]

: OUTPUT ACCEPT [0:0]

-An INPUT-m state-- state ESTABLISHED,RELATED-j ACCEPT

-An INPUT-p icmp-j ACCEPT

-An INPUT-I lo-j ACCEPT

-An INPUT-m state-- state NEW-m tcp-p tcp-- dport 22-j ACCEPT

-An INPUT-m state-- state NEW-m tcp-p tcp-- dport 7022-j ACCEPT

-An INPUT-j REJECT-- reject-with icmp-host-prohibited

-A FORWARD-j REJECT-- reject-with icmp-host-prohibited

COMMIT

Restart the firewall for the configuration to take effect:

/ etc/init.d/iptables restart

Service iptables restart

=

2. Backup the ssh port configuration file

Cp / etc/ssh/ssh_config / etc/ssh/ssh_configbak

Cp / etc/ssh/sshd_config / etc/ssh/sshd_configbak

Modify the ssh port to: 7022

Vi / etc/ssh/sshd_config

Add Port 7022 under port # Port 22

Vi / etc/ssh/ssh_config

Add Port 7022 under port # Port 22

Restart: / etc/init.d/sshd restart

Service sshd restart

After you can connect normally with port 7022, go back and repeat the above steps. If port 22 is disabled, ssh can only connect with port 7022! The security of the system is enhanced.

=

3. Prohibit root from logging in remotely through ssh

Vi / etc/ssh/sshd_config

Find PermitRootLogin, change the following yes to no, and cancel the previous comment # so that root can't log in remotely!

You can log in with an ordinary account. When you want to use root, use the command su root to switch to the root account.

=

4. Restrict users' SSH access

Suppose that as long as root,user1 and user2 users can use the system through SSH, add to the sshd_config configuration file

Vi / etc/ssh/sshd_config

AllowUsers rootuser1user2

=

5. Configure the idle timeout exit interval

Users can log in to the server through ssh, and you can set an idle timeout interval.

Open the sshd_config configuration file and set it to the following.

Vi / etc/ssh/sshd_config

ClientAliveInterval 600

ClientAliveCountMax 0

The idle timeout interval set in the above example is 600 seconds, or 10 minutes.

After this time, idle users will be automatically kicked out (which can be understood as logout / logout).

=

6. Restrict that only a certain IP can log in to the server remotely.

Vi / etc/hosts.deny # adds sshd:ALL to it

Vi / etc/hosts.allow # is set up as follows: sshd:192.168.1.1 # (only 192.168.1.1 this IP remote login server is allowed)

Finally restart the ssh service: / etc/init.d/sshd restart

On how to modify the default remote connection port in CentOS to share here, I hope the above content can be of some help to you, you can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.