服务器远程root屏蔽以及登录端口设定(ssh)

为了安全考虑，有时候我们希望远程登录服务器时，防止使用超级用户(root)直接进行登录并且修改ssh默认登录端口。

修改配置文件： /etc/ssh/sshd_config

修改内容如下所示：

[root@backgw conf]# cat /etc/ssh/sshd_config #$OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $# This is the sshd server system-wide configuration file.  See# sshd_config(5) for more information.# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin# The strategy used for options in the default sshd_config shipped with# OpenSSH is to specify options with their default value where# possible, but leave them commented.  Uncommented options change a# default value.<span style="color:#ff0000;"><strong>#Port 22Port 60000          ### 修改默认端口号</strong></span>#Protocol 2,1Protocol 2#AddressFamily any#ListenAddress 0.0.0.0#ListenAddress ::# HostKey for protocol version 1#HostKey /etc/ssh/ssh_host_key# HostKeys for protocol version 2#HostKey /etc/ssh/ssh_host_rsa_key#HostKey /etc/ssh/ssh_host_dsa_key# Lifetime and size of ephemeral version 1 server key#KeyRegenerationInterval 1h#ServerKeyBits 768# Logging# obsoletes QuietMode and FascistLogging#SyslogFacility AUTHSyslogFacility AUTHPRIV#LogLevel INFO# Authentication:#LoginGraceTime 2m<strong><span style="color:#ff0000;">PermitRootLogin no     # 禁止使用root用户登录系统</span></strong>#StrictModes yes…………………………………………

修改该文件后，重新启动sshd服务

service sshd restart

 

这样远程登录时，屏蔽root用户以及使用ssh端口为60000(设定默认值)。

这样就可以使用  ssh -p 6000 user@xx.xxx.xx.xxx 来登录服务器。(可以使用telnet xxx.xx.xxx.xxx.xxx  6000 来测试是否可以连接)