Linux ssh related configuration

ssh is the common way to log in to linux server, but for security reasons, sometimes we need to do some special processing for ssh, this article records some modifications I have made for everyone. reference.

First, modify the ssh port

ssh defaults to 22 ports, if you need to modify to other ports, you can modify the /etc/ssh/sshd_config file,

#Port 22

The comment is removed, modified to the required port (such as 8888), and then use the following command to restart the ssh service

service sshd restart

Second, turn off the root user remote ssh login Permissions

If you do not want the root user to log in remotely, you can modify it as follows:

vi /etc/ssh/sshd_config

Will

#PermitRootLogin yes

The comment is removed, yes to no, restart ssh service (here best reboot)

Third, prohibit certain users from remote login

1. Modify /etc /pam.d/sshd

Add a line after #%PAM-1.0:

auth required pam_listfile.so item=user sense=allow file=/etc/ssh_users onerr=fail

2. Enable user remote login (for example, allow abc remote login):

echo abc /etc/ssh_users

3. User remote login:

rm –rf /etc/ssh_users

The above example simply deletes the file. In fact, if a user is not allowed to log in, the user is deleted from the ssh_users file. can.