Lan Yiyun: how to modify the SSH remote port in the centos7 system, and how to ensure the server is more secure

Language 2023-04-08 11:53:29 views: null

1. Modify the SSH remote port

By default, the SSH port of the CentOS 7 system is 22, which is a popular target for hackers, so we can reduce the risk of the server being attacked by modifying the SSH remote port.

The steps to modify the SSH remote port are as follows:

1.1 Log in to the server with root privileges

1.2 Modify the SSH configuration file /etc/ssh/sshd_config

sudo vi /etc/ssh/sshd_config

1.3 Find "Port 22" in the file and modify it to another port number (eg: Port 12345)

1.4 Save changes and exit

1.5 Restart the SSH service

sudo systemctl restart sshd

Note: If you use a firewall, remember to open the new port

sudo firewall-cmd --permanent --add-port=12345/tcp
sudo firewall-cmd --reload

2. Improve server security

In addition to modifying the SSH remote port, you can also take the following methods to improve server security:

2.1 Using a firewall

A firewall can help keep your server safe by restricting network connections. The CentOS 7 system uses firewalld by default, you can refer to the following command:

2.1.1 View firewall status

sudo firewall-cmd --state

2.1.2 Open the specified port

sudo firewall-cmd --zone=public --add-port=12345/tcp --permanent

2.1.3 Close the specified port

sudo firewall-cmd --zone=public --remove-port=12345/tcp --permanent

2.1.4 Restart the firewall

sudo firewall-cmd --reload

2.2 Disable root user remote login

Hackers often use the root user to access the server, and this is enabled by default, so we can modify the SSH configuration file to prohibit the root user from logging in remotely.

2.2.1 Log in to the server as root

2.2.2 Modify the SSH configuration file /etc/ssh/sshd_config

sudo vi /etc/ssh/sshd_config

2.2.3 Find PermitRootLogin and change it to PermitRootLogin no

2.2.4 Save and exit

2.2.5 Restart the SSH service

sudo systemctl restart sshd

2.3 Update system

System vulnerabilities are another target for hackers. Therefore, we should regularly update the system and installed software to ensure security.

The above is the introduction of how to modify the SSH remote port and how to ensure the server is more secure. I hope it will be helpful to you.

Lanyi cloud server adopts high-end five-network CN2 GIA/GT network with stable bandwidth, fast speed and low delay, which provides strong support for customers' business expansion on a global scale.

Guess you like

Origin blog.csdn.net/tiansyun/article/details/130015394
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com