Prohibiting root remote SSH login on a CentOS production machine

Many webmasters run Linux hosts, either virtual or physical machines, and usually connect to them remotely over SSH (Secure Shell, a security protocol based on the application layer and the transport layer).

Its default port is 22, and by default root can also log in. On the Internet this is very dangerous. We can improve security somewhat by changing the default port (although the new port can still be found by port scanning) and by disabling root login.

1. Modify the default SSH port

a. Temporary change from the command line
The default SSH port on Linux is 22. For security reasons, change the SSH port to 1433 as follows:
/usr/sbin/sshd -p 1433
b. Permanent change in the configuration file
vi /etc/ssh/sshd_config
Then change the port to 8888.

2. Restart sshd as root (Red Hat AS3):
service sshd restart

3. Connect remotely with PuTTY on port 8888.

For enhanced security
First add a user with ordinary privileges:
#useradd sshuser
#passwd sshuser
// Set the password. It must be a complex password; write it down in a notebook so you do not forget it.

Prohibit root remote SSH login on the production machine:

#vi /etc/ssh/sshd_config
Change
PermitRootLogin yes
to
PermitRootLogin no
Restart the sshd service:
#service sshd restart
Log in as the ordinary user sshuser for remote management, then use su root to switch to the root user and obtain the highest privileges.
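
The check below is an added example, not part of the original article: a shell function that reads an sshd_config file and confirms that root login is explicitly disabled and that port 22 is no longer in use. The function names sshd_values and audit_sshd_config are made up for this example, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original article. Audits global settings only:
# Include files and Match blocks are not evaluated (assumption).

# Print the global values of KEYWORD in FILE, one per line, in file order.
# Keywords are case-insensitive, lines starting with '#' are comments, and
# parsing stops at the first Match block because later settings are conditional.
sshd_values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2) }
    ' "$1"
}

# Return 0 only if root login is explicitly disabled and 22 is not a listening port.
audit_sshd_config() {
    file=$1
    rc=0
    # For most keywords sshd keeps the first value it reads, so take the first line.
    root=$(sshd_values "$file" PermitRootLogin | head -n 1)
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"
        rc=1
    fi
    # Port may be given several times and sshd listens on all of them;
    # with no Port line at all it listens on the default, 22.
    ports=$(sshd_values "$file" Port)
    for p in ${ports:-22}; do
        if [ "$p" = "22" ]; then
            echo "FAIL: sshd still listens on port 22"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: root login disabled, ports: $(echo $ports)"
    fi
    return "$rc"
}

# Usage on a live host (run as root): audit_sshd_config /etc/ssh/sshd_config
```

On the live host, sshd -t checks the file for syntax errors before the restart. Keeping the current session open until a new login as sshuser succeeds avoids being locked out.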
