How to Implement SSH Security Hardening in Linux

2025-04-06 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains in detail how to harden SSH on Linux. The editor finds it quite practical and shares it here for reference; I hope you gain something from reading it.

Prevent root from logging in:

To enhance security, first add a user with normal permissions:

#useradd *****

#passwd ******

//Set password

On production machines, prohibit remote SSH login as root:

#vim /etc/ssh/sshd_config

Change

PermitRootLogin yes

to

PermitRootLogin no

Restart the sshd service:

#service sshd restart

For remote administration, log in as the normal user ***** and then switch to root with su - root to gain full privileges.

Prevent a user from logging in:

vim /etc/passwd

Change: lynn:x:500:500::/home/lynn:/bin/bash

to: lynn:x:500:500::/home/lynn:/sbin/nologin

In /etc/ssh/sshd_config, change: #Port 22

to: Port ****

Log in to the server using key authentication:

1. Log in to the server as root.

2. vim /etc/ssh/sshd_config

The configuration is as follows:

Port 12345

StrictModes no

RSAAuthentication yes

PubkeyAuthentication yes

PermitEmptyPasswords no

PasswordAuthentication no

If you are configuring key authentication for a non-root user, first switch to that user before carrying out the following steps:

[root@localhost .ssh]# su - test1

3. ssh-keygen -t rsa -b 1024

a. Press Enter

b. Enter a password

4. ls -a /root/.ssh shows that two files have been generated.

5. cat id_rsa.pub > authorized_keys

6. chmod 644 authorized_keys

7. rm -rf id_rsa.pub

8. ls -a /root/.ssh now shows only two files left: authorized_keys is the public key and id_rsa is the private key.

9. Now copy out the id_rsa key.

10. Be sure to copy out id_rsa first and open another SSH terminal before restarting the service; otherwise, if key login fails, you cannot log in over SSH and cannot modify the SSH configuration.

11. Open another SSH terminal in case the configuration is unsuccessful.

12. /etc/init.d/ssh restart

If you share the id_rsa file over samba, pay attention to the file permissions.
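An added example, not part of the original article: a shell function that audits an sshd_config file for the directives changed in the root-login and key-authentication sections above, and also reports StrictModes no. The function names, messages and sample file are constructed for illustration; the sample pairs the article's key-authentication settings with the pre-change PermitRootLogin yes, and the parser assumes whitespace-separated keyword/value lines.

```shell
#!/bin/sh
# Added example: audit sshd_config. sshd keywords are case-insensitive and the
# first value set for a keyword wins, so only the first uncommented occurrence
# is evaluated. Parsing stops at the first Match block (conditional settings).
audit_sshd_config() {
    awk '
    function want(key, good, why) { expect[key] = good; reason[key] = why }
    BEGIN {
        want("permitrootlogin", "no", "root can log in remotely")
        want("passwordauthentication", "no", "passwords can be guessed")
        want("permitemptypasswords", "no", "empty passwords are accepted")
        want("pubkeyauthentication", "yes", "key login is disabled")
        want("strictmodes", "yes", "key file permissions are not checked")
    }
    /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
    {
        key = tolower($1); val = tolower($2)
        if (key == "match") exit    # global section ends here; END still runs
        if (key in seen) next       # first occurrence wins
        seen[key] = val
    }
    END {
        for (k in expect) {
            if (!(k in seen))
                printf "UNSET %s (expected %s)\n", k, expect[k]
            else if (seen[k] != expect[k])
                printf "WEAK  %s %s: %s\n", k, seen[k], reason[k]
        }
    }' "$1" | LC_ALL=C sort
}

# Constructed sample: the article settings before PermitRootLogin is changed.
sample_config() {
    cat <<'EOF'
#Port 22
Port 12345
PermitRootLogin yes
StrictModes no
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
passwordauthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}
tmp=$(mktemp) && sample_config > "$tmp" && audit_sshd_config "$tmp"
rm -f "$tmp"
```

Run it against /etc/ssh/sshd_config before restarting sshd; an UNSET line means the keyword is not set in the global section of that file.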
