linux sshd 配置修改

April 17, 2014CommentsRead

基本级优化，sshd服务端。

增加如下内容：
[root@byrd ~]# vim /etc/ssh/sshd_config

#BY:BYRD
Port 32987    #修改为你需要的端口
PermitRootLogin no    #禁止root远程登录
PermitEmptyPasswords no    #禁止空密码登录
UseDNS no    #关闭DNS反向解析
#BY:BYRD

#BY:BYRD

Port 32987 #修改为你需要的端口

PermitRootLogin no #禁止root远程登录

PermitEmptyPasswords no #禁止空密码登录

UseDNS no #关闭DNS反向解析

#BY:BYRD

文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/basic/linux-sshd-config/

懒人修改法（复制粘贴即可）：

cat >> /etc/ssh/sshd_config <<BYRD
#BY:BYRD
Port 32987    #修改为你需要的端口
UseDNS no    #关闭DNS反向解析
PermitRootLogin no    #禁止root远程登录
PermitEmptyPasswords no    #禁止空密码登录
SyslogFacility AUTHPRIV
PasswordAuthentication yes
AddressFamily inet
#BY:BYRD
BYRD

cat >> /etc/ssh/sshd_config <<BYRD

#BY:BYRD

Port 32987 #修改为你需要的端口

UseDNS no #关闭DNS反向解析

PermitRootLogin no #禁止root远程登录

PermitEmptyPasswords no #禁止空密码登录

SyslogFacility AUTHPRIV

PasswordAuthentication yes

AddressFamily inet

#BY:BYRD

BYRD

文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/basic/linux-sshd-config/

附加：禁止特定用户登录

[root@byrd ~]# cat >> /etc/ssh/sshd_config <<BYRD
> denyusers username
> BYRD

[root@byrd ~]# cat >> /etc/ssh/sshd_config <<BYRD

> denyusers username

> BYRD

文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/basic/linux-sshd-config/

安全：

[root@Test /]# head -2 /etc/pam.d/sshd 
#%PAM-1.0
account    required pam_access.so
[root@test security]# cat /etc/pam.d/crond | grep pam_access.so
#account    required   pam_access.so
[root@Test /]# tail -3 /etc/security/access.conf 
+ : ALL : foo.bar.org
+ : byrd : ALL
- : ALL : ALL

[root@Test /]# head -2 /etc/pam.d/sshd

#%PAM-1.0

account required pam_access.so

[root@test security]# cat /etc/pam.d/crond | grep pam_access.so

#account required pam_access.so

[root@Test /]# tail -3 /etc/security/access.conf

+ : ALL : foo.bar.org

+ : byrd : ALL

- : ALL : ALL

文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/basic/linux-sshd-config/

申明：本文由BYRD原创(基于Centos6.4 X64)，未经许可禁止转载！
参考：http://www.rsinfominds.com/you-root-are-not-allowed-to-access-to-crontab-because-of-pam-configuration/
曾参考：oldboy博客文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/basic/linux-sshd-config/ 文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/basic/linux-sshd-config/

申明：除非注明Byrd's Blog内容均为原创,未经许可禁止转载!详情请阅读版权申明!

On this day in past years

April

2016php测试MySQL数据库代码

Hot search

On this day in past years

Comment