
CentOS 7: change the default SSH port, disable root login, and log in with keys

程序员文章站 2022-07-07 18:33:06

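Change the default SSH port

As root, open the SSH configuration file for editing:

[[email protected] ~]# vim /etc/ssh/sshd_config
Find line 17, which reads: #Port 22
Remove the comment marker and change the value to the port number you want:
Port 2200
Allow the new port through the firewall:
firewall-cmd --zone=public --add-port=2200/tcp --permanent
Reload the firewall:
firewall-cmd --reload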

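Disable direct root login

1. Create a regular account and set its password:

useradd zzz
passwd zzz

2. Allow the regular account "zzz" to use sudo

[[email protected] ~]# visudo
... (omitted) ...
## Find the following line and add a new line below it
root    ALL=(ALL)       ALL
## This line is new. It lets zzz run any command except passwd and passwd root, so that zzz cannot change the root account's password
zzz	ALL=(root)  ALL, !/usr/bin/passwd, /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
... (omitted) ...

3. Edit the SSH configuration file to disable remote root login:

[[email protected] ~]# vim /etc/ssh/sshd_config
Find "#PermitRootLogin yes", remove the leading "#", change the trailing "yes" to "no", and save the file.
Restart the SSH service:
systemctl restart sshd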

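Log in with keys and disable SSH password login

Generate a public/private key pair:
Run ssh-keygen and press Enter three times. This creates the private key id_rsa and the public key id_rsa.pub in the user's .ssh directory.

[[email protected] ~]# ssh-keygen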
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
4c:8b:9d:85:ec:08:29:ec:04:2f:78:48:8f:03:6b:d2 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|o.               |
|+Bo  . . .       |
|*+E.o   + .      |
|o=.. . B +       |
|  .   o S        |
|                 |
|                 |
|                 |
|                 |
+-----------------+
[[email protected] ~]# ll .ssh
total 8
-rw------- 1 root root 1675 May 29 14:48 id_rsa
-rw-r--r-- 1 root root  408 May 29 14:48 id_rsa.pub
[[email protected] ~]# 

View the public key:

[[email protected] ~]# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaJtnVe8+70h+wlOuZwAXlyqWXcIZ15ybcmZkY718K2m2zErheYMyU2l99stSBVv9crk7pX2p/lzxI3B6nVWO0QCiLiUldoC4nBA/GhQ+kU5zfzBf3VTuS5Msqxe5oMuyxqD5WIttC+jcdZLlUqgJ1j7gbonQtSkmOZoUqR6SFIU722iVphv75lZDoUtmfPAxt7CFxQ5gaJgFCdcv2dl35B/gJJ40t9tQOyIbRFLescJBamL79Tikk+3UIJbtUaCwYiknzbViopjZWU+ZFSvlkShFqto9RV1pJeUe6UM17LK2hYRoyr182j2/1KC6PQIQMoVZB4W6Ko0c+iB [email protected]

Copy the public key and paste it into the authorization file .ssh/authorized_keys:

[[email protected] ~]# vim .ssh/authorized_keys

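Save the private key id_rsa to your local machine and use it when logging in.
Edit the SSH configuration to enable key login and disable password login: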

[[email protected] ~]# vim /etc/ssh/sshd_config
…………
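# Enable key authentication
# Change "#RSAAuthentication no" to:
RSAAuthentication yes

# Change "#PubkeyAuthentication no" to:
PubkeyAuthentication yes

# File that holds the authorized public keys
AuthorizedKeysFile .ssh/authorized_keys

# Change "#PasswordAuthentication yes" to:
PasswordAuthentication no

After making the changes above, restart the sshd service. This completes the configuration.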

systemctl restart sshd
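
An added example, not part of the original article: a shell check that reads an sshd_config the way sshd does (the first value for a keyword wins, keywords are case-insensitive, commented lines are inactive) and confirms that the settings changed above are actually in effect before sshd is restarted. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): check an sshd_config against the
# settings changed above. sshd keeps the FIRST value it reads for a keyword,
# keywords are case-insensitive, and "#" lines are inactive.

# Print the effective global value of keyword $1 in file $2 (empty if unset).
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/         { next }   # comment or blank line
        tolower($1) == "match" { exit }   # global section ends at first Match
        tolower($1) == want    { print $2; exit }
    ' "$2"
}

# check FILE KEY EXPECTED: print a finding and return 1 on mismatch.
check() {
    got=$(sshd_effective "$2" "$1")
    [ "$got" = "$3" ] && return 0
    echo "FAIL $2: want '$3', got '${got:-<not set>}'"
    return 1
}

# Return 0 only when every setting from the article is in effect.
audit_sshd() {
    rc=0
    check "$1" Port 2200                               || rc=1
    check "$1" PermitRootLogin no                      || rc=1
    check "$1" PubkeyAuthentication yes                || rc=1
    check "$1" PasswordAuthentication no               || rc=1
    check "$1" AuthorizedKeysFile .ssh/authorized_keys || rc=1
    return $rc
}

# Constructed sample: a half-edited file with typical editing mistakes
# (Port still commented, an earlier "yes" shadowing the later "no",
# a missing space after AuthorizedKeysFile).
sample_bad() {
    cat <<'EOF'
#Port 2200
PermitRootLogin no
PasswordAuthentication yes
pubkeyauthentication yes
AuthorizedKeysFile.ssh/authorized_keys
PasswordAuthentication no
EOF
}

tmp=$(mktemp) && sample_bad > "$tmp"
audit_sshd "$tmp" || echo "do not restart sshd yet"
rm -f "$tmp"
```

On the server itself, `sshd -t` validates the file's syntax and `sshd -T` prints the effective configuration.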