1. Modify the SSH remote port
By default, the SSH port of the CentOS 7 system is 22, which is a popular target for hackers, so we can reduce the risk of the server being attacked by modifying the SSH remote port.
The steps to modify the SSH remote port are as follows:
1.1 Log in to the server with root privileges
1.2 Modify the SSH configuration file /etc/ssh/sshd_config
sudo vi /etc/ssh/sshd_config
1.3 Find "Port 22" in the file and modify it to another port number (eg: Port 12345)
1.4 Save changes and exit
1.5 Restart the SSH service
sudo systemctl restart sshd
Note: If you use a firewall, remember to open the new port
sudo firewall-cmd --permanent --add-port=12345/tcp
sudo firewall-cmd --reload
2. Improve server security
In addition to modifying the SSH remote port, you can also take the following methods to improve server security:
2.1 Using a firewall
A firewall can help keep your server safe by restricting network connections. The CentOS 7 system uses firewalld by default, you can refer to the following command:
2.1.1 View firewall status
sudo firewall-cmd --state
2.1.2 Open the specified port
sudo firewall-cmd --zone=public --add-port=12345/tcp --permanent
2.1.3 Close the specified port
sudo firewall-cmd --zone=public --remove-port=12345/tcp --permanent
2.1.4 Restart the firewall
sudo firewall-cmd --reload
2.2 Disable root user remote login
Hackers often use the root user to access the server, and this is enabled by default, so we can modify the SSH configuration file to prohibit the root user from logging in remotely.
2.2.1 Log in to the server as root
2.2.2 Modify the SSH configuration file /etc/ssh/sshd_config
sudo vi /etc/ssh/sshd_config
2.2.3 Find PermitRootLogin and change it to PermitRootLogin no
2.2.4 Save and exit
2.2.5 Restart the SSH service
sudo systemctl restart sshd
2.3 Update system
System vulnerabilities are another target for hackers. Therefore, we should regularly update the system and installed software to ensure security.
The above is the introduction of how to modify the SSH remote port and how to ensure the server is more secure. I hope it will be helpful to you.
Lanyi cloud server adopts high-end five-network CN2 GIA/GT network with stable bandwidth, fast speed and low delay, which provides strong support for customers' business expansion on a global scale.