• CentOS8 修改SSH端口,禁用root登录,修改SSH协议


    [root@centos8 ~]# cat /etc/redhat-release
    CentOS Linux release 8.2.2004 (Core)

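    1. Create a test sudo user and add it to the wheel group. Do this before disabling root login, so that an administrative account can still log in over SSH.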
    [root@centos8 ~]# useradd testuser
    [root@centos8 ~]# passwd testuser
    Changing password for user testuser.
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.
    [root@centos8 ~]# usermod -aG wheel testuser
    [root@centos8 ~]# id testuser
    uid=1001(testuser) gid=1001(testuser) groups=1001(testuser),10(wheel)

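    2. Change the SSH port, disable root login, disable SSH protocol 1.
    Note: the OpenSSH shipped with CentOS 8 no longer supports protocol 1 at all (see the "SSH protocol v.1 is no longer supported" message in step 5), so the Protocol line below is harmless but has no effect.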
    [root@centos8 ~]# vi /etc/ssh/sshd_config
    Port 8888
    PermitRootLogin no

    # Protocol 2,1
    Protocol 2

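    3. Add a custom-port SSH service to firewalld and reload.
    Note: /usr/lib/firewalld/services is owned by the firewalld package and may be overwritten on update; custom service files are normally placed in /etc/firewalld/services instead. Opening the port directly with firewall-cmd --permanent --add-port=8888/tcp is an alternative.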
    [root@centos8 ~]# cp -av /usr/lib/firewalld/services/ssh.xml /usr/lib/firewalld/services/ssh-custom.xml
    [root@centos8 ~]# vi /usr/lib/firewalld/services/ssh-custom.xml
    port="8888"
    [root@centos8 ~]# firewall-cmd --permanent --remove-service='ssh'
    success
    [root@centos8 ~]# firewall-cmd --permanent --add-service='ssh-custom'
    success
    [root@centos8 ~]# firewall-cmd --reload
    success
    [root@centos8 ~]# firewall-cmd --list-all
    public (active)
    target: default
    icmp-block-inversion: no
    interfaces: enp0s3
    sources:
    services: cockpit dhcpv6-client ssh-custom
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:

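    4. Restart the SSH service and check that it is now listening on the new port 8888.
    Note: if SELinux is enforcing, sshd may only bind to ports labelled ssh_port_t, so label the new port first (semanage port -a -t ssh_port_t -p tcp 8888) or the restart will fail. Keep the current session open until a login on the new port has been verified.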
    [root@centos8 ~]# netstat -plunt | grep ssh
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1299/sshd
    [root@centos8 ~]# systemctl status sshd
    ● sshd.service - OpenSSH server daemon
    Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
    Active: active (running) since Thu 2020-08-06 11:23:33 +04; 5h 46min ago
    Docs: man:sshd(8)
    man:sshd_config(5)
    Main PID: 1299 (sshd)
    Tasks: 1 (limit: 17914)
    Memory: 7.2M
    CGroup: /system.slice/sshd.service
    └─1299 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm>

    Aug 06 11:23:32 centos8 systemd[1]: Starting OpenSSH server daemon...
    Aug 06 11:23:33 centos8 sshd[1299]: Server listening on 0.0.0.0 port 22.
    Aug 06 11:23:33 centos8 systemd[1]: Started OpenSSH server daemon.
    Aug 06 11:24:20 centos8 sshd[8824]: Accepted password for root from 192.168.1.100 port 62079 ssh2
    [root@centos8 ~]# systemctl restart sshd
    [root@centos8 ~]# netstat -plunt | grep ssh
    tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 28513/sshd
    [root@centos8 ~]# systemctl status sshd
    ● sshd.service - OpenSSH server daemon
    Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
    Active: active (running) since Thu 2020-08-06 17:10:16 +04; 51s ago
    Docs: man:sshd(8)
    man:sshd_config(5)
    Main PID: 28513 (sshd)
    Tasks: 1 (limit: 17914)
    Memory: 1.2M
    CGroup: /system.slice/sshd.service
    └─28513 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gc>

    Aug 06 17:10:16 centos8 systemd[1]: Starting OpenSSH server daemon...
    Aug 06 17:10:16 centos8 sshd[28513]: Server listening on 0.0.0.0 port 8888.
    Aug 06 17:10:16 centos8 systemd[1]: Started OpenSSH server daemon.


    5. Test.
    [testuser@centos8 ~]$ ip a | grep enp0s3
    2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.1.102/24 brd 192.168.1.255 scope global noprefixroute enp0s3

    [testuser@centos8 ~]$ ssh root@192.168.1.102 #默认22端口已失效。
    ssh: connect to host 192.168.1.102 port 22: Connection refused

    [testuser@centos8 ~]$ ssh root@192.168.1.102 -p 8888 #已禁止root帐号登录
    The authenticity of host '[192.168.1.102]:8888 ([192.168.1.102]:8888)' can't be established.
    ECDSA key fingerprint is SHA256:R0pE89wn1wUodRxuGLkFjQMKnGDKUAVmlrjO6LLEtMc.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '[192.168.1.102]:8888' (ECDSA) to the list of known hosts.
    root@192.168.1.102's password:
    Permission denied, please try again.

    [testuser@centos8 ~]$ ssh testuser@192.168.1.102 -p 8888 #普通帐号可以正常登录
    testuser@192.168.1.102's password:
    Last login: Thu Aug 6 17:17:50 2020 from 192.168.1.100

    [testuser@centos8 ~]$ su
    Password:
    [root@centos8 testuser]#

    [root@centos8 ~]# ssh -1 testuser@192.168.1.102 -p 8888 # Protocol 1 已经不支持
    SSH protocol v.1 is no longer supported
    [root@centos8 ~]# ssh -2 testuser@192.168.1.102 -p 8888 # Protocol 2 正常
    The authenticity of host '[192.168.1.102]:8888 ([192.168.1.102]:8888)' can't be established.
    ECDSA key fingerprint is SHA256:R0pE89wn1wUodRxuGLkFjQMKnGDKUAVmlrjO6LLEtMc.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '[192.168.1.102]:8888' (ECDSA) to the list of known hosts.
    testuser@192.168.1.102's password:
    Web console: https://centos8:9090/ or https://192.168.1.102:9090/

    Last login: Thu Aug 6 17:19:09 2020 from 192.168.1.102
    [testuser@centos8 ~]$

  • 原文地址:https://www.cnblogs.com/rusking/p/13449157.html