CentOS8 修改SSH端口,禁用root登录,修改SSH协议
[root@centos8 ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
1. Create a test sudo user and add it to the wheel group, so that an administrative account can still log in once root login over SSH is disabled.
[root@centos8 ~]# useradd testuser
[root@centos8 ~]# passwd testuser
Changing password for user testuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@centos8 ~]# usermod -aG wheel testuser
[root@centos8 ~]# id testuser
uid=1001(testuser) gid=1001(testuser) groups=1001(testuser),10(wheel)
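2. Change the SSH port, disable root login, disable SSH protocol 1.
Note: with SELinux in enforcing mode, sshd can bind the new port only after the port is labelled for it, e.g. `semanage port -a -t ssh_port_t -p tcp 8888`.
Note: OpenSSH releases that no longer implement protocol 1 (the client message in step 5 suggests that is the case on this host) treat `Protocol` as a deprecated option, so `Protocol 2` records intent rather than changing behaviour.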
[root@centos8 ~]# vi /etc/ssh/sshd_config
Port 8888
PermitRootLogin no
# Protocol 2,1
Protocol 2
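3. Add a custom-port SSH service to firewalld and reload.
Note: files under /usr/lib/firewalld/services/ belong to the firewalld package and can be replaced on update; /etc/firewalld/services/ is the location intended for local service definitions.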
[root@centos8 ~]# cp -av /usr/lib/firewalld/services/ssh.xml /usr/lib/firewalld/services/ssh-custom.xml
[root@centos8 ~]# vi /usr/lib/firewalld/services/ssh-custom.xml
port="8888"
[root@centos8 ~]# firewall-cmd --permanent --remove-service='ssh'
success
[root@centos8 ~]# firewall-cmd --permanent --add-service='ssh-custom'
success
[root@centos8 ~]# firewall-cmd --reload
success
[root@centos8 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: cockpit dhcpv6-client ssh-custom
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
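4. Restart the SSH service and check that it is listening on the new port 8888.
Note: run `sshd -t` first to validate the edited configuration, and keep the current session open until a login on the new port has been confirmed.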
[root@centos8 ~]# netstat -plunt | grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1299/sshd
[root@centos8 ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-08-06 11:23:33 +04; 5h 46min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 1299 (sshd)
Tasks: 1 (limit: 17914)
Memory: 7.2M
CGroup: /system.slice/sshd.service
└─1299 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm>
Aug 06 11:23:32 centos8 systemd[1]: Starting OpenSSH server daemon...
Aug 06 11:23:33 centos8 sshd[1299]: Server listening on 0.0.0.0 port 22.
Aug 06 11:23:33 centos8 systemd[1]: Started OpenSSH server daemon.
Aug 06 11:24:20 centos8 sshd[8824]: Accepted password for root from 192.168.1.100 port 62079 ssh2
[root@centos8 ~]# systemctl restart sshd
[root@centos8 ~]# netstat -plunt | grep ssh
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 28513/sshd
[root@centos8 ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-08-06 17:10:16 +04; 51s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 28513 (sshd)
Tasks: 1 (limit: 17914)
Memory: 1.2M
CGroup: /system.slice/sshd.service
└─28513 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gc>
Aug 06 17:10:16 centos8 systemd[1]: Starting OpenSSH server daemon...
Aug 06 17:10:16 centos8 sshd[28513]: Server listening on 0.0.0.0 port 8888.
Aug 06 17:10:16 centos8 systemd[1]: Started OpenSSH server daemon.
5. Test.
[testuser@centos8 ~]$ ip a | grep enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.1.102/24 brd 192.168.1.255 scope global noprefixroute enp0s3
[testuser@centos8 ~]$ ssh root@192.168.1.102 #默认22端口已失效。
ssh: connect to host 192.168.1.102 port 22: Connection refused
[testuser@centos8 ~]$ ssh root@192.168.1.102 -p 8888 #已禁止root帐号登录
The authenticity of host '[192.168.1.102]:8888 ([192.168.1.102]:8888)' can't be established.
ECDSA key fingerprint is SHA256:R0pE89wn1wUodRxuGLkFjQMKnGDKUAVmlrjO6LLEtMc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.1.102]:8888' (ECDSA) to the list of known hosts.
root@192.168.1.102's password:
Permission denied, please try again.
[testuser@centos8 ~]$ ssh testuser@192.168.1.102 -p 8888 #普通帐号可以正常登录
testuser@192.168.1.102's password:
Last login: Thu Aug 6 17:17:50 2020 from 192.168.1.100
[testuser@centos8 ~]$ su
Password:
[root@centos8 testuser]#
[root@centos8 ~]# ssh -1 testuser@192.168.1.102 -p 8888 # Protocol 1 已经不支持
SSH protocol v.1 is no longer supported
[root@centos8 ~]# ssh -2 testuser@192.168.1.102 -p 8888 # Protocol 2 正常
The authenticity of host '[192.168.1.102]:8888 ([192.168.1.102]:8888)' can't be established.
ECDSA key fingerprint is SHA256:R0pE89wn1wUodRxuGLkFjQMKnGDKUAVmlrjO6LLEtMc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.1.102]:8888' (ECDSA) to the list of known hosts.
testuser@192.168.1.102's password:
Web console: https://centos8:9090/ or https://192.168.1.102:9090/
Last login: Thu Aug 6 17:19:09 2020 from 192.168.1.102
[testuser@centos8 ~]$