CentOS 7: change the default SSH port, disable root login, and log in with keys
程序员文章站
2022-07-07 18:33:06
Change the default SSH port
As root, open the SSH configuration file for editing:
[[email protected] ~]# vim /etc/ssh/sshd_config
Find line 17: #Port 22
Uncomment it and change it to the port number you want:
Port 2200
Configure the firewall to allow the new port:
firewall-cmd --zone=public --add-port=2200/tcp --permanent
Reload the firewall:
firewall-cmd --reload
Disable direct root login
1. Create a regular account and set its password:
useradd zzz
passwd zzz
2. Allow the regular account "zzz" to use sudo
[[email protected] ~]# visudo
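…… omitted ……
root ALL=(ALL) ALL ## find this line and add a new line below it
zzz ALL=(root) !/usr/bin/passwd, /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root ## this line is new: it lets zzz run passwd followed by any account name, but not bare passwd or passwd root, so zzz cannot change the root account's password
…… omitted ……
3. Edit the SSH configuration file to disable remote root login: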
[[email protected] ~]# vim /etc/ssh/sshd_config
Find "#PermitRootLogin yes", remove the leading "#", change the trailing "yes" to "no", and save the file.
Restart the SSH service:
systemctl restart sshd
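Use key-based login and disable SSH password login
Generate a public/private key pair:
Run ssh-keygen and press Enter three times; this creates the private key id_rsa and the public key id_rsa.pub in the user's .ssh directory.
[[email protected] ~]# ssh-keygen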
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
4c:8b:9d:85:ec:08:29:ec:04:2f:78:48:8f:03:6b:d2 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|o. |
|+Bo . . . |
|*+E.o + . |
|o=.. . B + |
| . o S |
| |
| |
| |
| |
+-----------------+
[[email protected] ~]# ll .ssh
total 8
-rw------- 1 root root 1675 May 29 14:48 id_rsa
-rw-r--r-- 1 root root 408 May 29 14:48 id_rsa.pub
[[email protected] ~]#
View the public key:
[[email protected] ~]# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaJtnVe8+70h+wlOuZwAXlyqWXcIZ15ybcmZkY718K2m2zErheYMyU2l99stSBVv9crk7pX2p/lzxI3B6nVWO0QCiLiUldoC4nBA/GhQ+kU5zfzBf3VTuS5Msqxe5oMuyxqD5WIttC+jcdZLlUqgJ1j7gbonQtSkmOZoUqR6SFIU722iVphv75lZDoUtmfPAxt7CFxQ5gaJgFCdcv2dl35B/gJJ40t9tQOyIbRFLescJBamL79Tikk+3UIJbtUaCwYiknzbViopjZWU+ZFSvlkShFqto9RV1pJeUe6UM17LK2hYRoyr182j2/1KC6PQIQMoVZB4W6Ko0c+iB [email protected]
Copy the public key and paste it into the authorization file .ssh/authorized_keys:
[[email protected] ~]# vim .ssh/authorized_keys
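Save the private key id_rsa to your local machine and use it when logging in.
Edit the SSH configuration: enable key-based login and disable password login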
[[email protected] ~]# vim /etc/ssh/sshd_config
…………
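# Enable key authentication
#RSAAuthentication no    change to:
RSAAuthentication yes
#PubkeyAuthentication no    change to:
PubkeyAuthentication yes
# Specify the public key database file
AuthorizedKeysFile .ssh/authorized_keys
#PasswordAuthentication yes    change to:
PasswordAuthentication no
After making the changes above, restart the sshd service; the configuration is now complete.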
systemctl restart sshd
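An added example, not part of the original article: a shell check of the sshd_config settings changed above. sshd uses the first value it reads for each keyword, so an active PasswordAuthentication yes higher up in the file overrides a no added further down; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the sshd_config settings
# this page changes. sshd keeps the FIRST value it reads for each keyword, so
# a hardening line placed below an earlier active line has no effect.

# effective FILE KEYWORD: print the first active value in the global section.
# Assumes whitespace-separated "Keyword value" lines; stops at the first Match.
effective() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }                     # skip blanks, comments
        tolower($1) == "match" { exit }                   # global section only
        tolower($1) == tolower(want) { print $2; exit }   # first one wins
    ' "$1"
}

# audit FILE: print one FAIL line per setting that differs from the values
# used on this page; return 0 only if every setting matches.
# Port is the exception to first-wins (sshd listens on every Port line);
# only the first Port line is checked here.
audit() {
    fails=0
    for pair in Port=2200 PermitRootLogin=no PubkeyAuthentication=yes \
                PasswordAuthentication=no; do
        key=${pair%%=*} want=${pair#*=}
        got=$(effective "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: effective '${got:-unset}', expected '$want'"
            fails=$((fails + 1))
        fi
    done
    [ "$fails" -eq 0 ]
}

# Constructed sample: an active "PasswordAuthentication yes" sits above the
# appended hardening lines, so password login is still enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2200
#PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
EOF

if audit "$sample"; then echo "OK"; else echo "sshd_config needs fixing"; fi
```

Running sshd -t before systemctl restart sshd catches misspelled keywords, and keeping the current session open until a key login succeeds in a second one avoids locking yourself out.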