Basic hardening of the sshd server.
Add the following:
[root@byrd ~]# vim /etc/ssh/sshd_config
#BY:BYRD
# Change to the port you need
Port 32987
# Disable remote root login
PermitRootLogin no
# Disable login with empty passwords
PermitEmptyPasswords no
# Disable reverse DNS lookups
UseDNS no
#BY:BYRD
Lazy method (just copy and paste):
cat >> /etc/ssh/sshd_config <<BYRD
#BY:BYRD
# Change to the port you need
Port 32987
# Disable reverse DNS lookups
UseDNS no
# Disable remote root login
PermitRootLogin no
# Disable login with empty passwords
PermitEmptyPasswords no
SyslogFacility AUTHPRIV
PasswordAuthentication yes
AddressFamily inet
#BY:BYRD
BYRD
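The copy-and-paste method appends to the end of the file, and sshd uses the first value it reads for most keywords (Port lines accumulate), so an appended setting only takes effect when the keyword is not already set higher up. The script below is an added example, not part of the original post: it reports which of this page's settings a config file actually pins. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). sshd keeps the FIRST value it
# reads for most keywords, so a line appended with `cat >>` is ignored when the
# keyword is already set higher up. Port is different: each Port line adds a
# listening port.

# effective_sshd KEYWORD FILE: value(s) sshd takes from the global section.
# Assumes "Keyword value" syntax; parsing stops at the first Match block.
effective_sshd() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/  { next }             # comments and blank lines
                        { key = tolower($1) }
        key == "match"  { exit }             # end of global section
        key != want     { next }
        key == "port"   { print $2; next }   # Port accumulates
                        { print $2; exit }   # otherwise first value wins
    ' "$2"
}

# audit_sshd FILE: check that the file pins the values this page sets.
# Returns 1 if any keyword is unset or shadowed by an earlier line.
audit_sshd() {
    rc=0
    for pair in permitrootlogin=no permitemptypasswords=no usedns=no; do
        key=${pair%%=*}; expected=${pair#*=}
        actual=$(effective_sshd "$key" "$1")
        if [ "$actual" = "$expected" ]; then
            echo "OK   $key $actual"
        else
            echo "FAIL $key expected=$expected actual=${actual:-unset}"
            rc=1
        fi
    done
    echo "INFO listening ports: $(effective_sshd port "$1" | tr '\n' ' ')"
    return "$rc"
}

# write_sample FILE: constructed config, stock-style lines plus this page's block.
write_sample() {
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' '#UseDNS yes' \
        '#BY:BYRD' 'Port 32987' 'UseDNS no' 'PermitRootLogin no' \
        'PermitEmptyPasswords no' '#BY:BYRD' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || echo "=> some appended settings do not take effect"
rm -f "$sample"
```

On a real host, point `audit_sshd` at `/etc/ssh/sshd_config` before restarting sshd.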
Extra: deny login for specific users
[root@byrd ~]# cat >> /etc/ssh/sshd_config <<BYRD
> denyusers username
> BYRD
Security:
[root@Test /]# head -2 /etc/pam.d/sshd
#%PAM-1.0
account required pam_access.so
[root@test security]# cat /etc/pam.d/crond | grep pam_access.so
#account required pam_access.so
[root@Test /]# tail -3 /etc/security/access.conf
+ : ALL : foo.bar.org
+ : byrd : ALL
- : ALL : ALL
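Notice: this article is original work by BYRD (based on CentOS 6.4 x64); reproduction without permission is prohibited!
Reference: http://www.rsinfominds.com/you-root-are-not-allowed-to-access-to-crontab-because-of-pam-configuration/
Also consulted: the oldboy blog
Source: Byrd's Weblog - https://note.t4x.org/basic/linux-sshd-config/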