Shulou(Shulou.com)06/02 Report--

Recently in the review of the basic use of firewall management tool iptables, involving the port to add or delete firewall policy content, before the ssh to change the default port number and password-free login method is not familiar with, this time to do a basic summary to prevent themselves from forgetting.

I hope you will spend more on mistakes and other experiences.

System environment: two RHEL 7s

Login host: master.domain12.example.com 192.168.0.150Accord 24

Remote host: rhel.domain12.example.com 192.168.0.212Comp24

1. Ssh changes the default port number

Operations on rhel.domain12.example.com:

(1) configure the remote host ssh configuration file / etc/ssh/sshd_config, as shown in the figure, change the port number (make sure that port 50000 is not occupied in advance).

(2) restart the ssh service, set boot self-startup and check the process status.

Add the allowed network segment and port 50000 to the firewall policy and save it.

Save using service iptables save and write the configuration to the configuration file / etc/sysconfig/iptables of iptables, otherwise the firewall policy will be lost the next time you boot.

Use netstat-tunlp to view the status of port 50000.

2. Ssh implements password-free remote login

Operations on master.domain12.example.com:

(1) use the ssh-keygen command to generate the public / private key for remote login. The public key is in the login host and the remote host, and the private key is in the login host. Here the public / private key generated by the rsa algorithm is used.

(2) use the rsync command to synchronize the public key / root/.ssh/id_rsa.pub to the remote host rhel.domain12.example.com under / root/.ssh.

Because in the remote host, the firewall policy has been cleared and only port 50000 is open, while rsync uses port 22 of ssh by default, you must specify the rsync command to use port 50000 for public key synchronization.

The-e option is used here to implement the designated port, enclosing it in double quotes, and the rest of the syntax format is the same as the general rsync command.

(3) check the public key under the remote host / root/.ssh directory. Redirect the public key to the authorized_keys file and change the access to the file to root user read-only.

3. Ssh login test using designated port and password-free

Login test is conducted directly on master.domain12.example.com, and you can log in successfully.

The-p option specifies the port number of the ssh login.

Summary

The above is the editor to introduce to you the ssh to change the default port number and achieve password-free remote login, hope to help you, if you have any questions welcome to leave me a message, the editor will reply to you in time!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.