Modify the default SS 22 port for centos7 to enhance security

Generally speaking, the security of the Linux system is already very high, but it will also encounter some special situations, such as other people’s targeted "Sao Miao" blasting, and will continue to guess and try to log in. If you ignore it, you still have For higher hidden dangers, let’s talk about modifying the default port 22 under centos 7 to improve the safety factor. The general steps are as follows:

 

step1 modify /etc/ssh/sshd_config

vi /etc/ssh/sshd_config

#Port 22 //Remove the # sign from this line to prevent remote login after bad configuration. You have to go to the computer room to modify it. After the modified port can be used, comment it out

Port 20000 //Add this line below

 

step2 modify the firewall configuration

Firewall add the ssh port you want to modify:

firewall-cmd --zone=public --add-port=20000/tcp --permanent (permanent means to save the configuration, otherwise the modification will be invalid after the next restart)

reload firewall:

firewall-cmd --reload

Check whether the port is added successfully, if the port is added successfully, it will display yes, otherwise no

firewall-cmd --zone=public --query-port=20000/tcp

 

step3 modify SELinux

Use the following command to view the current ssh ports allowed by SElinux:

semanage port -l | grep ssh

 

Add 20000 port to SELinux

semanage port -a -t ssh_port_t -p tcp 20000

 

Then confirm whether to add it

semanage port -l | grep ssh

Will output if successful

ssh_port_t tcp 20000, 22

 

step4 restart ssh

systemctl restart sshd.service

 

step5 Test the ssh connection of the new port

Test the ssh connection after modifying the port, if it succeeds, re-comment out port 22 in step1


at 12/06/2020, 18:24pm

Been read 60 times

Similar Articles

BBR acceleration


       This article introduces one-key fool-style upgrade of the kernel and installation of BBR acceleration. Affirm: The tutorial for one-click installation of BBR was created by Teddy! Google's TCP BBR congestion control...

How to mount a disk under Linux


Theoretically adapt to all Linux systems, just determine the mount point Copy all the following commands directly and paste them into the SS terminal: mkfs.ext4 /dev/vdb echo'/dev/vdb /home ext4 defaults 0 0'>> /etc/fstab mount...

What People wrote...

Powered by WHMCompleteSolution