
Password protection manual: changing the default SSH port 22 on Linux to avoid exposure

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Some passwords have a person behind them, and some hide a special meaning. There is always a story in a password.

Whatever the password, please guard it so that it cannot be brute-forced.

Changing the default SSH port 22 on Linux to avoid brute-force cracking

Many people still log in to their servers with a password over the default port 22, which puts the server at risk of being brute-forced (unless the password is complex enough). At the request of many customers, I am writing a tutorial on changing the SSH port.

For server security, the recommended and safest combination is a non-22 port + key login + a passphrase on the key.

To be on the safe side, let's first add a second SSH port and the corresponding firewall rule, and then use the new port to connect to the server. If there is no problem, we will delete the default port 22 (the reason is that if you change the port directly and something goes wrong, you may no longer be able to connect over SSH).

Add SSH Port

vi /etc/ssh/sshd_config
# After vi opens the file, press I to enter edit mode, add the port configuration as described below, then press ESC to exit edit mode and type :wq to save and quit the vi editor.

Below the default SSH port line, we add the new port we want to use, for example 23456:

Port 22
# The default port 22 configuration. Do not delete it yet, so that you can still connect over SSH if the change goes wrong.
Port 23456
# The newly added port 23456 configuration.

Then we restart SSH.

/etc/init.d/ssh restart
# If it reports that the service does not exist, use /etc/init.d/sshd restart
# On CentOS 7, use systemctl restart sshd.service

Configure the firewall

First of all, let's add the firewall rule (the example port is 23456, change it yourself):

iptables -I INPUT -p tcp --dport 23456 -j ACCEPT

I do not know whether you have already configured the firewall to start at boot and to load its saved rules, so I also write those steps here. I suggest everyone do them, to avoid being unable to connect to the server after a VPS restart because the SSH port is not open in the firewall.

Configure the firewall to start at boot

The following commands configure the firewall to start at boot and save the firewall rules, so that they are read automatically after boot.

CentOS system:

Note: on a CentOS 7 system the firewall is not iptables.

service iptables save
chkconfig --level 2345 iptables on

If you need to save the firewall rules in the future, just execute:

service iptables save

Debian/Ubuntu system:

iptables-save > /etc/iptables.up.rules
echo -e '#!/bin/bash\n/sbin/iptables-restore < /etc/iptables.up.rules' > /etc/network/if-pre-up.d/iptables
chmod +x /etc/network/if-pre-up.d/iptables

If you need to save the firewall rules in the future, just execute:

iptables-save > /etc/iptables.up.rules

Test it

After the above steps are completed, disconnect the current SSH connection, change the SSH port used for the connection to the new port (sample port 23456), and try to connect. If the connection works, continue with the following steps. If it does not, connect through the old port 22 and troubleshoot the problem.

Cancel the default SSH port 22

vi /etc/ssh/sshd_config

Let's open the SSH configuration file again, delete the line Port 22, and then restart SSH.

/etc/init.d/ssh restart
# If it reports that the service does not exist, use /etc/init.d/sshd restart
# On CentOS 7, use systemctl restart sshd.service
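A pre-flight check for the final step above, as an added example that is not part of the original article: it confirms that the new port is present in the SSH configuration and accepted by the saved iptables rules before the Port 22 line is deleted. The function names and the sample files are constructed for illustration; in real use, pass /etc/ssh/sshd_config and a file holding the output of iptables-save.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check before deleting "Port 22". Helper names are hypothetical.

# Print every port sshd would listen on according to one config file.
# Keywords are case-insensitive, commented lines are skipped, and with
# no Port directive at all sshd falls back to 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed if rules in iptables-save format accept TCP to port $2 in INPUT.
# Simplification: rule order and earlier DROP/REJECT rules are not evaluated.
fw_accepts() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2( .*)?-j ACCEPT" "$1"
}

# Decide whether the "Port 22" line can be removed: the new port must differ
# from 22, be configured in sshd_config, and be open in the firewall rules.
safe_to_drop_22() {   # args: sshd_config, saved rules file, new port
    [ "$3" != 22 ] || { echo "new port is 22"; return 1; }
    sshd_ports "$1" | grep -qx "$3" || { echo "Port $3 not in $1"; return 1; }
    fw_accepts "$2" "$3"            || { echo "no ACCEPT rule for tcp/$3"; return 1; }
    echo "ok: port $3 is configured and allowed"
}

# Constructed sample inputs so the example runs offline.
demo=$(mktemp -d)
printf '%s\n' '#Port 2222' 'Port 22' 'port 23456' > "$demo/sshd_config"
printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
    '-A INPUT -p tcp -m tcp --dport 23456 -j ACCEPT' 'COMMIT' > "$demo/rules"
: > "$demo/empty_rules"

safe_to_drop_22 "$demo/sshd_config" "$demo/rules" 23456
safe_to_drop_22 "$demo/sshd_config" "$demo/empty_rules" 23456 || true
```

A passing check does not replace the live login test on the new port described in "Test it"; it only catches a missing Port line or firewall rule before the restart.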
